cobaltstrike | 2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 19:18

Target

f2f313cfc30ff5593795e4518654fb03_JaffaCakes118.exe
Size

17KB
MD5

f2f313cfc30ff5593795e4518654fb03
SHA1

30a0877ed734a2f1db8707b0a9f70eb5d4c8a892
SHA256

2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6
SHA512

e482114cf9cf42126378374e02e95fc5f96f2ff4e29388aa0f6f1cae46d78025c0edd27bdb0e6fc2bdf09394bc7f40fdd81159c7875cb7f0c4746bdafb6cf247
SSDEEP

192:pDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4LI/yleBUbOj6kxiY:pDMAoKz6WtKEj7aBDix/yobAY

Score

10^/10

Family

cobaltstrike

http://213.236.64.41:443/2vKj

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\f2f313cfc30ff5593795e4518654fb03_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2f313cfc30ff5593795e4518654fb03_JaffaCakes118.exe"
1⤵
PID:4964

memory/4964-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4964-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download