xmrig | 3c933267e1d858ab65b9b7667650a1026300dfd42e648ace48b90cceb4b543d9

Analysis

max time kernel
133s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 18:13

Target

20240522177a790b1e88fa49307c5e3d4f75d2aacobaltstrikecobaltstrike.exe
Size

4.6MB
MD5

177a790b1e88fa49307c5e3d4f75d2aa
SHA1

84901086c4cfaac1025b155651e39cba5c386531
SHA256

3c933267e1d858ab65b9b7667650a1026300dfd42e648ace48b90cceb4b543d9
SHA512

97d145505d840274d79e5cb5b557bc77a196fb27b7aa2ec55b4555e0115bef062f7206e2a74a0836ee89b45c6c9f83448c98885956e3a20a2fdb2fbb0c7f0b71
SSDEEP

98304:SW1qiPgxn+cuSuxx8Svt73qq36IdKtVxNw6pUkp3bkbRxmUM:53EnsxxDt73DdKrwapwbpM

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3292-7-0x0000000000400000-0x00000000010B6000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/3292-0-0x0000000000400000-0x00000000010B6000-memory.dmp	upx
behavioral2/memory/3292-7-0x0000000000400000-0x00000000010B6000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\20240522177a790b1e88fa49307c5e3d4f75d2aacobaltstrikecobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\20240522177a790b1e88fa49307c5e3d4f75d2aacobaltstrikecobaltstrike.exe"
1⤵
PID:3292

memory/3292-0-0x0000000000400000-0x00000000010B6000-memory.dmp

Filesize
12.7MB

Download
memory/3292-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3292-7-0x0000000000400000-0x00000000010B6000-memory.dmp

Filesize
12.7MB

Download