cobaltstrike | b3d420a24588b2ad940012815b2d674e1e54239f0d5a609d7b1d35037e5ce685

Analysis

max time kernel
110s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 10:30

Target

b3d420a24588b2ad940012815b2d674e1e54239f0d5a609d7b1d35037e5ce685N.exe
Size

19KB
MD5

5d326d03312acc19ec821a3721fd5740
SHA1

1a8cc40058f1989c6e29047858939cdc5229f960
SHA256

b3d420a24588b2ad940012815b2d674e1e54239f0d5a609d7b1d35037e5ce685
SHA512

0e7805d6a61f98f234aa5d16d58626714f48717421c0ed1f8d2fe23eb49b1d043e3b14a06ca24a298308dc318a71f0ea3eb73eafdad761f49a75901f43d2e5e5
SSDEEP

192:tV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2kLP3o3SxxWF8qa1Dojjgi:fqaCF31cix+Dc4zjn7xMFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.242.131:80/WeOR

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b3d420a24588b2ad940012815b2d674e1e54239f0d5a609d7b1d35037e5ce685N.exe
"C:\Users\Admin\AppData\Local\Temp\b3d420a24588b2ad940012815b2d674e1e54239f0d5a609d7b1d35037e5ce685N.exe"
1⤵
PID:1036

memory/1036-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1036-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download