cobaltstrike | ac5096862b24412740f4a5fd0675963f9592833c09420398e0b1964c01d25479

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 11:42

Target

ac5096862b24412740f4a5fd0675963f9592833c09420398e0b1964c01d25479.exe
Size

19KB
MD5

3ada5c24a9c1801e6e2819515cf5f6de
SHA1

e95fdc9cbfc4ac2746086b820e14e9dd74fe0dee
SHA256

ac5096862b24412740f4a5fd0675963f9592833c09420398e0b1964c01d25479
SHA512

5a3a7d1df96e4afac90780c79ea8c50f018e35f51fbb033ae695b34f8543784b2ec25f33c153a30b4cac6ecadb8d4ef97bd67e17ee8f8fc557d6209fbd19ae09
SSDEEP

192:tV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2S/00SFYFz9JlWF8qa1Dojjgi:fqaCF31cix+Dc4zjBqyFz9KFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.4.10:443/mU1j

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\ac5096862b24412740f4a5fd0675963f9592833c09420398e0b1964c01d25479.exe
"C:\Users\Admin\AppData\Local\Temp\ac5096862b24412740f4a5fd0675963f9592833c09420398e0b1964c01d25479.exe"
1⤵
PID:2056

memory/2056-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2056-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download