cobaltstrike | e4d31b21ad5a1e0ef078126a70f54d2b165713cdec4131cbbc939a1b58f2a1a2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 11:31

Target

20240918407a395dd99570322a3f65be0750717csnatch.exe
Size

1.8MB
MD5

407a395dd99570322a3f65be0750717c
SHA1

b9ef2f09e9fc84a698f90084e4ffd66559357143
SHA256

e4d31b21ad5a1e0ef078126a70f54d2b165713cdec4131cbbc939a1b58f2a1a2
SHA512

6313392f3ede09b99585669ae4d96799a3cc50047ddf5f446bea61056acce9651b34d35ab31c7680250e557eb2a03ea8d59d0ee2513d7165a35f01326e706bb1
SSDEEP

24576:4ZbEBX5p4uSHHXSkjJMPQ7jtJFI6bZu5eqsW:E6X5KNnZjJMsF1e

Score

10^/10

Family

cobaltstrike

http://150.158.38.230:443/api/v2/getinfo

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) Host: updatetime.msn.cn

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\20240918407a395dd99570322a3f65be0750717csnatch.exe
"C:\Users\Admin\AppData\Local\Temp\20240918407a395dd99570322a3f65be0750717csnatch.exe"
1⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
1⤵
PID:4360

memory/1844-0-0x00000212EEA00000-0x00000212EEA01000-memory.dmp

Filesize
4KB

Download