cobaltstrike | 7fac09caf07cb087615eefdf49d46021417171d380023513537146e584eb2d27

Analysis

max time kernel
110s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 11:40

Target

d5d0c11c0ba621fe4517dfdad762a1a0N.exe
Size

19KB
MD5

d5d0c11c0ba621fe4517dfdad762a1a0
SHA1

da08554f9000c9f66ebc19f8dd5cbab3e4f618cc
SHA256

7fac09caf07cb087615eefdf49d46021417171d380023513537146e584eb2d27
SHA512

05d72e02c19f6929efc1cefe5010c9842e087297ea01017f1b3dbcb8982ffd414f9021eb206de310717bcfe7fd56f8dd1c7ba24d87a1ed6296ed9388b8c9b83b
SSDEEP

192:gV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/28GPIWF8qa1Dojjgi:CqaCF31cix+Dc4zjYFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.209.138:8080/Bv7n

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\d5d0c11c0ba621fe4517dfdad762a1a0N.exe
"C:\Users\Admin\AppData\Local\Temp\d5d0c11c0ba621fe4517dfdad762a1a0N.exe"
1⤵
PID:1620

memory/1620-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1620-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download