cobaltstrike | af15cf2ff0fb8112c823c8c435ba24f4152fdfce52c42b123c91f50b2f8c55c8

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-09-2024 11:05

Target

e6ae91952daf21ea5ae624437db8695b_JaffaCakes118.exe
Size

17KB
MD5

e6ae91952daf21ea5ae624437db8695b
SHA1

db416c7dea3c746a8afc5b4113873f5d466467f1
SHA256

af15cf2ff0fb8112c823c8c435ba24f4152fdfce52c42b123c91f50b2f8c55c8
SHA512

76527c09814d4df02c49f2fe90be7387420bcf96995c716c7d0a5557f3e5fb04e633a704b4b7ddf718bb4ebb324f1c80f09c4b50955269e608b7a73e8e956cbd
SSDEEP

192:abA0TJAPyjLHY219R8C6wtQbYu2KmbxQ2C04kvWgepEt2Subj6EUbOD6kxiY:aA0TJASPp6p/D43FvWgepW66IAY

Score

10^/10

Family

cobaltstrike

http://202.182.110.230:443/tTa4

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\e6ae91952daf21ea5ae624437db8695b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e6ae91952daf21ea5ae624437db8695b_JaffaCakes118.exe"
1⤵
PID:2564

memory/2564-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2564-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download