Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 13:25

General

  • Target

    2024-05-25_79dff4d84fc0536fc04e9b139cd04ebe_cobalt-strike_cobaltstrike_xmrig.exe

  • Size

    12.8MB

  • MD5

    79dff4d84fc0536fc04e9b139cd04ebe

  • SHA1

    144e525cbafdf6a93d51622403a584a7a2b61fac

  • SHA256

    a4f65e813450869a86129b8e1d468e4a686672988f14d9cfa2dc54e0b08eab0c

  • SHA512

    e441c6594b09dd8c6893b80cc1e4ec81d2dd505163bfc57d6dbbb2e14106ac4b5a36e82240c6c7fdd976a3f7169f98e35cd515912c3d7240d074efe0926fbea7

  • SSDEEP

    196608:u2XrSIqtPazmgL7uDbzVXUHXUXEOZmPOEDkfsLKb:uaWIPyquDBZtmPfkfn

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects executables containing URLs to raw contents of a Github gist (1 IoC)
  • XMRig Miner payload (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-25_79dff4d84fc0536fc04e9b139cd04ebe_cobalt-strike_cobaltstrike_xmrig.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-25_79dff4d84fc0536fc04e9b139cd04ebe_cobalt-strike_cobaltstrike_xmrig.exe"
    PID: 4092

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4092-0-0x00000000013C0000-0x00000000013D0000-memory.dmp
    Filesize
    64KB

  • memory/4092-5-0x0000000000400000-0x00000000010B2000-memory.dmp
    Filesize
    12.7MB