cobaltstrike | ee014b3f73ef1e64af32f01d881b2bb51cf447ecf9158c1bb2c473b14f5134d8

Analysis

max time kernel
98s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 09:05

Target

e223aeb6685032017a3feb55fc8a4446_JaffaCakes118.exe
Size

19KB
MD5

e223aeb6685032017a3feb55fc8a4446
SHA1

5c974b2f6723447ebe0240e0eb601ad4e4948b4e
SHA256

ee014b3f73ef1e64af32f01d881b2bb51cf447ecf9158c1bb2c473b14f5134d8
SHA512

fc02a9fd3db27f3f69913fe9d6098261b435986f8b21b0b6c7fae7d75b5e948c871c280020fe1bb74e46acba093cf95f964454cdffc8ed00d02992125ae28197
SSDEEP

192:LbPLhIofWpw2mobwieDzPIPsXgbGQGfMZAq/V5nnnRZ1eZAqKtljvTNKShh2x48:LD6ofWCTNc5bGQGBMAZ1gfDj8

Score

10^/10

Family

cobaltstrike

http://ctteducation.com:443/3bxP

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\e223aeb6685032017a3feb55fc8a4446_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e223aeb6685032017a3feb55fc8a4446_JaffaCakes118.exe"
1⤵
PID:648

memory/648-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/648-4-0x0000000003CE0000-0x00000000040E0000-memory.dmp

Filesize
4.0MB

Download
memory/648-5-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download