Overview

overview

10

Static

static

10

2024-01-08...ke.exe

windows7-x64

10

2024-01-08...ke.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-08_6eb8256a80606d7baaad352f11b6b667_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    6eb8256a80606d7baaad352f11b6b667

  • SHA1

    6f70760716395cd1ccb21a5bdd0593e481d8f1aa

  • SHA256

    b9671e0fd26205896114e00ec6650b3437f76ff5f285ac405ac58bc8d87ca6cc

  • SHA512

    936edca7db76fdf9743d629c74a81054727150f0a7ea6def0603bf2c98f61f14fcb78f51f3f684344bb6efdb57fcb95951b4c241230bacb22e8aab77b54ed26d

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lM:RWWBibf56utgpPFotBER/mQ32lUY

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 38 IoCs
    miner
  • Executes dropped EXE 21 IoCs
  • UPX packed file 47 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Windows\System\OcOCYep.exe
    C:\Windows\System\OcOCYep.exe
    1⤵
    • Executes dropped EXE
    PID:1204
  • C:\Windows\System\tnDaqyN.exe
    C:\Windows\System\tnDaqyN.exe
    1⤵
    • Executes dropped EXE
    PID:1420
  • C:\Windows\System\fHERPIL.exe
    C:\Windows\System\fHERPIL.exe
    1⤵
    • Executes dropped EXE
    PID:4604
  • C:\Windows\System\KwUzSrE.exe
    C:\Windows\System\KwUzSrE.exe
    1⤵
    • Executes dropped EXE
    PID:2884
  • C:\Windows\System\ueuqOob.exe
    C:\Windows\System\ueuqOob.exe
    1⤵
    • Executes dropped EXE
    PID:4716
  • C:\Windows\System\KKiidYM.exe
    C:\Windows\System\KKiidYM.exe
    1⤵
    • Executes dropped EXE
    PID:2040
  • C:\Windows\System\cLTxivg.exe
    C:\Windows\System\cLTxivg.exe
    1⤵
    • Executes dropped EXE
    PID:2888
  • C:\Windows\System\jsYjToZ.exe
    C:\Windows\System\jsYjToZ.exe
    1⤵
    • Executes dropped EXE
    PID:5056
  • C:\Windows\System\HmPSnvk.exe
    C:\Windows\System\HmPSnvk.exe
    1⤵
    • Executes dropped EXE
    PID:4780
  • C:\Windows\System\HWCZnyf.exe
    C:\Windows\System\HWCZnyf.exe
    1⤵
    • Executes dropped EXE
    PID:2580
  • C:\Windows\System\NwZarxD.exe
    C:\Windows\System\NwZarxD.exe
    1⤵
    • Executes dropped EXE
    PID:5116
  • C:\Windows\System\fFmGvRs.exe
    C:\Windows\System\fFmGvRs.exe
    1⤵
    • Executes dropped EXE
    PID:4276
  • C:\Windows\System\TgIRJYs.exe
    C:\Windows\System\TgIRJYs.exe
    1⤵
    • Executes dropped EXE
    PID:1648
  • C:\Windows\System\DzwhdbV.exe
    C:\Windows\System\DzwhdbV.exe
    1⤵
    • Executes dropped EXE
    PID:3936
  • C:\Windows\System\HVdpYHF.exe
    C:\Windows\System\HVdpYHF.exe
    1⤵
    • Executes dropped EXE
    PID:3056
  • C:\Windows\System\VUxdGvE.exe
    C:\Windows\System\VUxdGvE.exe
    1⤵
    • Executes dropped EXE
    PID:2388
  • C:\Windows\System\OOoJCBO.exe
    C:\Windows\System\OOoJCBO.exe
    1⤵
    • Executes dropped EXE
    PID:4964
  • C:\Windows\System\FvQRosz.exe
    C:\Windows\System\FvQRosz.exe
    1⤵
    • Executes dropped EXE
    PID:3428
  • C:\Windows\System\PVImEGS.exe
    C:\Windows\System\PVImEGS.exe
    1⤵
    • Executes dropped EXE
    PID:3200
  • C:\Windows\System\pmWuzqG.exe
    C:\Windows\System\pmWuzqG.exe
    1⤵
    • Executes dropped EXE
    PID:4472
  • C:\Windows\System\Chysstw.exe
    C:\Windows\System\Chysstw.exe
    1⤵
    • Executes dropped EXE
    PID:3176
  • C:\Users\Admin\AppData\Local\Temp\2024-01-08_6eb8256a80606d7baaad352f11b6b667_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-08_6eb8256a80606d7baaad352f11b6b667_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\HWCZnyf.exe
    Filesize

    3.8MB

    MD5

    c074e8340d5b9e17ddc02169c5b4661e

    SHA1

    55ca66120c91a09e6b345030b00475ab5edfec6f

    SHA256

    a088a10148e4bc35ef62919eb366d1c0ecbfa1bfcc5c400f69217d6d53630c7f

    SHA512

    500613710f26eb7e4cb8a17d36faec64b3b0144b574550ba2210d7425ef9344f80e058c818952d73ed31ad4ddcbf20ba1095d904f8c287c552710ef30dd5a715

    Download Submit

  • C:\Windows\System\HWCZnyf.exe
    Filesize

    3.6MB

    MD5

    ce5097fb2f3b586c3ea08e1c571fedce

    SHA1

    ddeaae0dc17356fdad65c4ad6b13cf50f2c35ef1

    SHA256

    fccd11bf65a78fb3ef0ae972014ca29ece30f2f5e24193147b2dcb89b06d8121

    SHA512

    9433ec83d1a700da48e0adf796807e815235daad59899cd16bc5d45d4f1834fcfb98d709443f9827b8f0173fcf6912dfc3b2acbeac2b0b9a2489a840e1895c59

    Download Submit

  • C:\Windows\System\HmPSnvk.exe
    Filesize

    3.4MB

    MD5

    1c87b9a71ced9d27470709308e26ed5d

    SHA1

    a9251ad50b393692c932c5f89a984bf724d9a1cd

    SHA256

    96c450813a50bfaaa118109077b3408374981a18126a269784bd1633280ce402

    SHA512

    e27dd48f332adbb32cf18e37d7d01fa6e98607ce424512492d6c9bbb4343d294719b4da4a7d6a1fb3eabd3cee6fe07e15a0bc0ac6ad7a27cdd7634f9e63d6123

    Download Submit

  • C:\Windows\System\HmPSnvk.exe
    Filesize

    4.1MB

    MD5

    518cbf579e8f67c8dabff23ba34c52f8

    SHA1

    edf4c0a0e9adad31640eda9233acd5b63b70db95

    SHA256

    0e8ac9b3ab5b7ed9a331fb33209df325f0645d7d40bd4f5663ea06fea5ca179a

    SHA512

    5ee9af93f02491272136bb92807c08034a6901d898eb1df1686456187e37b26273bc100fddf436aaf597cf8b5d5d4394a085d9a6158222f7518183378c8d8ed9

    Download Submit

  • C:\Windows\System\NwZarxD.exe
    Filesize

    2.2MB

    MD5

    b4aa95aa07d0476c8e1e42ea0c1ae073

    SHA1

    49b2178e23a7926203db1b86f3494cbcacb1700e

    SHA256

    23c064907e87b735197f482cfeeba0fbd43d6f4a85d9074f4768c09bc74657eb

    SHA512

    97cb8ca5c7a83c24ad58f19a0abc8d67d95b700e1796624b0843c35c588781ecbe4b74fbfc148bf991f7bad3316df30aa3a0540ca9d6beba33eaa7f26866c0d5

    Download Submit

  • C:\Windows\System\jsYjToZ.exe
    Filesize

    3.3MB

    MD5

    1b8ae3bf37a812fe38c701513fe051f8

    SHA1

    f609678d3a1f5e66a284db0b5a02d6fb3abfd52e

    SHA256

    a0e719454e53c820552a7f987d8c488d90c41b83e9aa4e449147d253dbc410d3

    SHA512

    9fd35da73b8867e4b9460cf3b79ebdbe23097bb9218d0bc36cc9c5d563c91acc60c4ebad53d6c5f808557815c8391a9966f421be098046d7bb115ae682528c14

    Download Submit

  • memory/1204-216-0x00007FF782E90000-0x00007FF7831E1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1204-8-0x00007FF782E90000-0x00007FF7831E1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1204-129-0x00007FF782E90000-0x00007FF7831E1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1420-130-0x00007FF69DFB0000-0x00007FF69E301000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1420-218-0x00007FF69DFB0000-0x00007FF69E301000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1420-14-0x00007FF69DFB0000-0x00007FF69E301000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1648-245-0x00007FF679EE0000-0x00007FF67A231000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1648-126-0x00007FF679EE0000-0x00007FF67A231000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2040-233-0x00007FF724CF0000-0x00007FF725041000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2040-142-0x00007FF724CF0000-0x00007FF725041000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2040-68-0x00007FF724CF0000-0x00007FF725041000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2388-239-0x00007FF7A5670000-0x00007FF7A59C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2388-89-0x00007FF7A5670000-0x00007FF7A59C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2580-255-0x00007FF7BD210000-0x00007FF7BD561000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2580-124-0x00007FF7BD210000-0x00007FF7BD561000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2612-133-0x00007FF6DFB50000-0x00007FF6DFEA1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2612-120-0x00007FF6DFB50000-0x00007FF6DFEA1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2612-155-0x00007FF6DFB50000-0x00007FF6DFEA1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2612-0-0x00007FF6DFB50000-0x00007FF6DFEA1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2612-1-0x000002651BFA0000-0x000002651BFB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2884-137-0x00007FF72B480000-0x00007FF72B7D1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2884-25-0x00007FF72B480000-0x00007FF72B7D1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2884-222-0x00007FF72B480000-0x00007FF72B7D1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2888-108-0x00007FF687570000-0x00007FF6878C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2888-243-0x00007FF687570000-0x00007FF6878C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3056-240-0x00007FF63C4A0000-0x00007FF63C7F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3056-99-0x00007FF63C4A0000-0x00007FF63C7F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3176-224-0x00007FF6CCBA0000-0x00007FF6CCEF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3176-36-0x00007FF6CCBA0000-0x00007FF6CCEF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3176-132-0x00007FF6CCBA0000-0x00007FF6CCEF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3200-55-0x00007FF74E0C0000-0x00007FF74E411000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3200-230-0x00007FF74E0C0000-0x00007FF74E411000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3200-141-0x00007FF74E0C0000-0x00007FF74E411000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-238-0x00007FF75F6A0000-0x00007FF75F9F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-143-0x00007FF75F6A0000-0x00007FF75F9F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3428-76-0x00007FF75F6A0000-0x00007FF75F9F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3936-117-0x00007FF649590000-0x00007FF6498E1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3936-246-0x00007FF649590000-0x00007FF6498E1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4276-127-0x00007FF71E880000-0x00007FF71EBD1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4276-248-0x00007FF71E880000-0x00007FF71EBD1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4472-50-0x00007FF739AA0000-0x00007FF739DF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4472-140-0x00007FF739AA0000-0x00007FF739DF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4472-228-0x00007FF739AA0000-0x00007FF739DF1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4604-131-0x00007FF73CEA0000-0x00007FF73D1F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4604-20-0x00007FF73CEA0000-0x00007FF73D1F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4604-220-0x00007FF73CEA0000-0x00007FF73D1F1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4716-226-0x00007FF6BA2D0000-0x00007FF6BA621000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4716-43-0x00007FF6BA2D0000-0x00007FF6BA621000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4780-256-0x00007FF62F9C0000-0x00007FF62FD11000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4780-125-0x00007FF62F9C0000-0x00007FF62FD11000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4964-234-0x00007FF6C31C0000-0x00007FF6C3511000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4964-84-0x00007FF6C31C0000-0x00007FF6C3511000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/5056-252-0x00007FF7EF350000-0x00007FF7EF6A1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/5056-123-0x00007FF7EF350000-0x00007FF7EF6A1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/5116-250-0x00007FF633FB0000-0x00007FF634301000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/5116-128-0x00007FF633FB0000-0x00007FF634301000-memory.dmp

    Filesize

    3.3MB

    Download