cobaltstrike | af5d54ccaea03ecb69ad4b288916cd7a5b0412c8a8b65a4d540b4c588da80fae | Triage

Analysis

max time kernel
110s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 18:35

Sharing

Report Analysis Logs

General

Target

af5d54ccaea03ecb69ad4b288916cd7a5b0412c8a8b65a4d540b4c588da80faeN.exe
Size

514KB
MD5

d7042459b049923802935465d5a11780
SHA1

479a8fad7d24e6c8b6d2039061ac4eb92efac790
SHA256

af5d54ccaea03ecb69ad4b288916cd7a5b0412c8a8b65a4d540b4c588da80fae
SHA512

4eb2846cc404d176b620bd9fecf62a2fca89578c5748785d5cd698626bd2d4e121b76b3ac42945e4bbfda608b7a483ecd8848832e4b8f691946404ebc3e9d832
SSDEEP

6144:KShCrVL6HGAVzt6PAnzCzTtb13h9xYtG4WAeMg5hyqH/vmvBn9XF:8rVum0ztIAnzWTpBqtG4WFMg5X/voxF

Score

10^/10

cobaltstrike 0 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\af5d54ccaea03ecb69ad4b288916cd7a5b0412c8a8b65a4d540b4c588da80faeN.exe
"C:\Users\Admin\AppData\Local\Temp\af5d54ccaea03ecb69ad4b288916cd7a5b0412c8a8b65a4d540b4c588da80faeN.exe"
1⤵
PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2604-2-0x00000000004D0000-0x000000000051D000-memory.dmp

Filesize
308KB

Download
memory/2604-1-0x0000000000BB0000-0x0000000000C30000-memory.dmp

Filesize
512KB

Download
memory/2604-0-0x0000000000BB0000-0x0000000000C30000-memory.dmp

Filesize
512KB

Download
memory/2604-3-0x000000013F780000-0x000000013F808000-memory.dmp

Filesize
544KB

Download
memory/2604-4-0x0000000000BB0000-0x0000000000C30000-memory.dmp

Filesize
512KB

Download
memory/2604-5-0x0000000000BB0000-0x0000000000C30000-memory.dmp

Filesize
512KB

Download