cobaltstrike | e9302c70c7b19c8ecd1af5899613f447ef4c9a83e383472ddae098c9465d6a38

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 14:06

Target

e9302c70c7b19c8ecd1af5899613f447ef4c9a83e383472ddae098c9465d6a38.exe
Size

576KB
MD5

ba94775b3423fdd4d5d3d9ec8209a637
SHA1

a7c70461aade54b54b6458634cd7d0c86ab5cc4f
SHA256

e9302c70c7b19c8ecd1af5899613f447ef4c9a83e383472ddae098c9465d6a38
SHA512

822de07a38a8c6bad491ebe10add02926f7d410a24d75b8b5d1954fdd351623da8efb4975fd240467467a176d300514e63a4652642303d21ce7830ad1d80183c
SSDEEP

12288:E9OrxVw6vt3UYPHKVwk3Ta77Hp0fWAUmBJmdluPvYFLTqop4:E9Wa6vtkuqPvYFLTqop4

Score

10^/10

Family

cobaltstrike

http://10.110.102.24:5555/Iht8

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\e9302c70c7b19c8ecd1af5899613f447ef4c9a83e383472ddae098c9465d6a38.exe
"C:\Users\Admin\AppData\Local\Temp\e9302c70c7b19c8ecd1af5899613f447ef4c9a83e383472ddae098c9465d6a38.exe"
1⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3932,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
1⤵
PID:208

memory/1744-0-0x0000022E7A760000-0x0000022E7A761000-memory.dmp

Filesize
4KB

Download
memory/1744-1-0x00007FF6A5140000-0x00007FF6A51C9000-memory.dmp

Filesize
548KB

Download
memory/1744-13-0x00007FF6A5140000-0x00007FF6A51C9000-memory.dmp

Filesize
548KB

Download