cobaltstrike | 7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 11:21

Target

7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20.exe
Size

304KB
MD5

96a09343964afbd5c40b031d97520c44
SHA1

c5deb3f4f0e922e21baf74d19c1ff61c6777b7a3
SHA256

7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20
SHA512

0a3349ac93f49f9dcb331174ca5da02b7582dc224507bd1e906b9441ba1d11c8958f843cbd2aed361b5e9b2fdf6bb22e891bbd242e6ecdfb429c9cae511e8c83
SSDEEP

3072:1lQLLq0b9tGLhcjgYkqMU5yEKvdtpgpe9zFmekFO015k6rJOoY46N5GGeL2KZPZ3:1lw21mhk247vdtpkUohsGGvKZPZh5

Score

10^/10

Family

cobaltstrike

http://1.116.96.210:9443/api/2

Attributes

user_agent
Host: sts.tencentcloudapi.tk User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4232	7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20.exe
4232	7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20.exe

C:\Users\Admin\AppData\Local\Temp\7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20.exe
"C:\Users\Admin\AppData\Local\Temp\7f22e09302a2c5224b595e16adfe1d47504daf66536371e3b1baf2d5d57f7b20.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4232

memory/4232-0-0x000002349D9A0000-0x000002349D9A1000-memory.dmp

Filesize
4KB

Download
memory/4232-1-0x000002349D7B0000-0x000002349D7B1000-memory.dmp

Filesize
4KB

Download