cobaltstrike | d31dbac00b91668c66a81e026ba14a2740a1191bbd0453463f6aa397dc3ba75e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26-09-2024 09:48

Target

d31dbac00b91668c66a81e026ba14a2740a1191bbd0453463f6aa397dc3ba75e.exe
Size

576KB
MD5

df1d5f3a0f558acd125603ed0e1b4a86
SHA1

6c938721a3c0094fc68cf585cda4edae54733198
SHA256

d31dbac00b91668c66a81e026ba14a2740a1191bbd0453463f6aa397dc3ba75e
SHA512

4d961e3f65f15f1a9c176a639d0cce48a950d13283aa43ce106d11232381c7498037187e9edff7d8cd8bc9b76b98d386623611c7dd15a5b28903cf482bc26a15
SSDEEP

12288:Ksrx/+/TItcj5HPKewk3Ta77Hp0fWAUmBYmzNEjvYFLeqoUx:KIMTItGnajvYFLeqoUx

Score

10^/10

Family

cobaltstrike

http://39.105.211.50:443/DRdc

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; MASP)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\d31dbac00b91668c66a81e026ba14a2740a1191bbd0453463f6aa397dc3ba75e.exe
"C:\Users\Admin\AppData\Local\Temp\d31dbac00b91668c66a81e026ba14a2740a1191bbd0453463f6aa397dc3ba75e.exe"
1⤵
PID:544

memory/544-0-0x000001E694A30000-0x000001E694A31000-memory.dmp

Filesize
4KB

Download
memory/544-1-0x00007FF7B6DB0000-0x00007FF7B6E39000-memory.dmp

Filesize
548KB

Download
memory/544-13-0x00007FF7B6DB0000-0x00007FF7B6E39000-memory.dmp

Filesize
548KB

Download