cobaltstrike | 86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 10:27

Target

86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe
Size

19KB
MD5

20d21c6566e1af3caa82be1b5a816ee1
SHA1

bb437d5471b6ccf5ef6f343e6355906ba5d35526
SHA256

86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585
SHA512

673f92c0b38f63733286a366cbffacfcd0378572f3921fde962722b58cedc53d89b4d7523b4257ef021f2af94b183ca68ed7f91558529b05d34c33d5a889c9b3
SSDEEP

192:uV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2wpCiF1WF8qa1Dojjgi:4qaCF31cix+Dc4zjxpCPFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.49.128:4444/oP9e

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe
"C:\Users\Admin\AppData\Local\Temp\86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe"
1⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4244,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
1⤵
PID:2960

memory/2088-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2088-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download