cobaltstrike | 627abde1ac08188262c07053a41251ca45b1810480bbf76d6e20e80732495e1a

Analysis

max time kernel
111s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 20:58

Target

8ed8c522884959241e80f76f03d00720N.exe
Size

66KB
MD5

8ed8c522884959241e80f76f03d00720
SHA1

b695602ba621a7f0889731360992731c3e957a1a
SHA256

627abde1ac08188262c07053a41251ca45b1810480bbf76d6e20e80732495e1a
SHA512

5c884ef5f08d2beb1e4b76a0be2538d59a4bcb75352b9b5ec8c852cf2d82b19e6f4e86a86b300f5678a853e38de130004b8ad00cc5dd8923f249a68360b6d033
SSDEEP

768:TIX+HEJWocR3dOdQyYBx4f6OHU0nKbngZRngMywI6i8ZBpA6oVKs1dcW:T4ZJW1dLPxS6GU0nEgZRgGrzVZwqW

Score

10^/10

Family

cobaltstrike

http://116.196.117.112:8888/w68x

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\8ed8c522884959241e80f76f03d00720N.exe
"C:\Users\Admin\AppData\Local\Temp\8ed8c522884959241e80f76f03d00720N.exe"
1⤵
PID:1288

memory/1288-0-0x000000013F261000-0x000000013F262000-memory.dmp

Filesize
4KB

Download
memory/1288-1-0x000000013F250000-0x000000013F267000-memory.dmp

Filesize
92KB

Download