cobaltstrike | abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 09:32

Target

abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
Size

10KB
MD5

c996652ed5d8d3ae1df5c86f4fb6f408
SHA1

3fad36b05ff4d7c50adba5bd9db2c8193ecb7315
SHA256

abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1
SHA512

66910118a53bbcff8119d934312e4e36d6b8f939f658f9246ccf3c31c8ecface6379e5b87eac5db5e522a72baf42fab3c8b466e50b4c06e4d4f4d6f6168bada3
SSDEEP

192:KLUsTjCPem2jFFQC+GKQA9naMLxDYJY3rMme9AAWk2:tsTjCYj+GZmxDwsAme52

Score

10^/10

Family

cobaltstrike

http://192.168.168.10:80/RHlW

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

behavioral1/memory/1916-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
behavioral1/memory/1916-2-0x0000000000400000-0x000000000040F000-memory.dmp upx

resource	yara_rule
behavioral1/memory/1916-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1916-2-0x0000000000400000-0x000000000040F000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
"C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe"
1⤵
PID:1916

memory/1916-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1916-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1916-2-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download