cobaltstrike | 8b84ee1cb9a1026a474dcbc9bf1428f5e1b65b4a260e2d31a9e8e3a962a43f2b

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 10:26

Target

8b84ee1cb9a1026a474dcbc9bf1428f5e1b65b4a260e2d31a9e8e3a962a43f2b.exe
Size

187KB
MD5

79cabd9ea31799d0fc21e2c4e0306c3f
SHA1

32c18c0ea2740ecc75a75105392245e450dee16b
SHA256

8b84ee1cb9a1026a474dcbc9bf1428f5e1b65b4a260e2d31a9e8e3a962a43f2b
SHA512

3146a74f5e6e826211f30d6575b88554993d3c0ffc253827f6195e381972fc2f4125f70715edf6ef76376023f9b9c9c62d6a01481a45f92144836213619675c4
SSDEEP

3072:v11TA08lyDDnOgAUVKuKYYqVBrWKiqq9Iii:QyDDOWW/n

Score

10^/10

Family

cobaltstrike

http://192.168.116.129:930/Xbr1

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\8b84ee1cb9a1026a474dcbc9bf1428f5e1b65b4a260e2d31a9e8e3a962a43f2b.exe
"C:\Users\Admin\AppData\Local\Temp\8b84ee1cb9a1026a474dcbc9bf1428f5e1b65b4a260e2d31a9e8e3a962a43f2b.exe"
1⤵
PID:2248

memory/2248-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2248-1-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download