Analysis
max time kernel: 132s
max time network: 145s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01-06-2024 00:59
Behavioral task: behavioral1
Sample: 2024-06-01_6fffed8deb3c3959a331af899ab57fcd_cobalt-strike_cobaltstrike.exe
Resource: win7-20240221-en
5 signatures
150 seconds
General
Target: 2024-06-01_6fffed8deb3c3959a331af899ab57fcd_cobalt-strike_cobaltstrike.exe
Size: 6.0MB
MD5: 6fffed8deb3c3959a331af899ab57fcd
SHA1: 9295b37729a6e8aa2214ec29277256861746a13a
SHA256: 9ef65e9afeec2ceac8dacaddbd41aefe4738fcaf7f5b18a416b25b2a08b99649
SHA512: e81c1725ffee535254481a7f1cea15f13d2c8a123db16ac7da15e8a92d0b4b3d73dab1216f8802bd00f5f5fe06a74c62095a88f248cb29268dd18bd6a82516d2
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUl:T+856utgpPF8u/7l
Malware Config
Signatures

UPX dump on OEP (original entry point) 2 IoCs
resource | yara_rule
behavioral1/memory/2856-0-0x000000013FF90000-0x00000001402E4000-memory.dmp | UPX
behavioral1/memory/2856-2-0x000000013FF90000-0x00000001402E4000-memory.dmp | UPX

XMRig Miner payload 2 IoCs
resource | yara_rule
behavioral1/memory/2856-0-0x000000013FF90000-0x00000001402E4000-memory.dmp | xmrig
behavioral1/memory/2856-2-0x000000013FF90000-0x00000001402E4000-memory.dmp | xmrig

resource | yara_rule
behavioral1/memory/2856-0-0x000000013FF90000-0x00000001402E4000-memory.dmp | upx
behavioral1/memory/2856-2-0x000000013FF90000-0x00000001402E4000-memory.dmp | upx

Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeLockMemoryPrivilege | 2856 | 2024-06-01_6fffed8deb3c3959a331af899ab57fcd_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege | 2856 | 2024-06-01_6fffed8deb3c3959a331af899ab57fcd_cobalt-strike_cobaltstrike.exe