Overview

overview

10

Static

static

10

2024-05-22...ke.exe

windows7-x64

10

2024-05-22...ke.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_177a790b1e88fa49307c5e3d4f75d2aa_cobalt-strike_cobaltstrike.exe

  • Size

    4.6MB

  • MD5

    177a790b1e88fa49307c5e3d4f75d2aa

  • SHA1

    84901086c4cfaac1025b155651e39cba5c386531

  • SHA256

    3c933267e1d858ab65b9b7667650a1026300dfd42e648ace48b90cceb4b543d9

  • SHA512

    97d145505d840274d79e5cb5b557bc77a196fb27b7aa2ec55b4555e0115bef062f7206e2a74a0836ee89b45c6c9f83448c98885956e3a20a2fdb2fbb0c7f0b71

  • SSDEEP

    98304:SW1qiPgxn+cuSuxx8Svt73qq36IdKtVxNw6pUkp3bkbRxmUM:53EnsxxDt73DdKrwapwbpM

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • UPX dump on OEP (original entry point) 2 IoCs
  • XMRig Miner payload 1 IoCs
    miner
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_177a790b1e88fa49307c5e3d4f75d2aa_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_177a790b1e88fa49307c5e3d4f75d2aa_cobalt-strike_cobaltstrike.exe"
    1⤵
      PID:1672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1672-0-0x0000000000400000-0x00000000010B6000-memory.dmp
      Filesize

      12.7MB

      Download
    • memory/1672-1-0x00000000001F0000-0x0000000000200000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1672-6-0x0000000000400000-0x00000000010B6000-memory.dmp
      Filesize

      12.7MB

      Download