cobaltstrike | cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 12:13

Target

efc4c153206e06fd43d07496e0be502c_JaffaCakes118.exe
Size

152KB
MD5

efc4c153206e06fd43d07496e0be502c
SHA1

b9b1239f89981e09c1f8d333e6631bf43386fe28
SHA256

cb01f31a322572035cf19f6cda00bcf1d8235dcc692588810405d0fc6e8d239c
SHA512

2d03f35758e5b853a8772a109738d9464955681b3f28d2b438510f393db109aa24d7a76d8875801687c1060811bc62ac03221d11992c3bb2792443aa78f700a3
SSDEEP

3072:krW1+PlAoE3DqKQevDXHoX6zr/YRr4FfNW9KWGeQ15aH:fWpETNQevzIX6zWreeQ1g

Score

10^/10

Family

cobaltstrike

http://hdhuge.com:443/files/remove.gif

Attributes

user_agent
Host: amazon.co.jp Connection: close Accept: image/jpeg User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\efc4c153206e06fd43d07496e0be502c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\efc4c153206e06fd43d07496e0be502c_JaffaCakes118.exe"
1⤵
PID:3432

memory/3432-3-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download