Analysis
max time kernel: 132s
max time network: 142s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 01-06-2024 01:20
Behavioral task: behavioral1
Sample: 2024-06-01_a1b165cebf9b85ae8f7e10cecd7a4ade_cobalt-strike_cobaltstrike.exe
Resource: win7-20240508-en
5 signatures
150 seconds
General
Target: 2024-06-01_a1b165cebf9b85ae8f7e10cecd7a4ade_cobalt-strike_cobaltstrike.exe
Size: 6.0MB
MD5: a1b165cebf9b85ae8f7e10cecd7a4ade
SHA1: e4667ce957adf913c350a69eb333755ddf2dcf8e
SHA256: 3bc8a1e96bc8a5aafd2ac77ac6dc450fd16f91cdaea996d42917b9dcf4d78b1e
SHA512: 352567eefb86cf6d03631de8a5ae57ad5dadf294495ca5abea6b3280e72334bacde61e1af19250b041e9de953b58d9efdf421637bb56bae47332484be406b888
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUU:T+856utgpPF8u/7U
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 2 IoCs
resource                                                                     yara_rule
behavioral1/memory/1424-1-0x000000013F830000-0x000000013FB84000-memory.dmp   UPX
behavioral1/memory/1424-2-0x000000013F830000-0x000000013FB84000-memory.dmp   UPX
XMRig Miner payload 2 IoCs
resource                                                                     yara_rule
behavioral1/memory/1424-1-0x000000013F830000-0x000000013FB84000-memory.dmp   xmrig
behavioral1/memory/1424-2-0x000000013F830000-0x000000013FB84000-memory.dmp   xmrig
resource                                                                     yara_rule
behavioral1/memory/1424-1-0x000000013F830000-0x000000013FB84000-memory.dmp   upx
behavioral1/memory/1424-2-0x000000013F830000-0x000000013FB84000-memory.dmp   upx
Suspicious use of AdjustPrivilegeToken 2 IoCs
description                    pid    Process
Token: SeLockMemoryPrivilege   1424   2024-06-01_a1b165cebf9b85ae8f7e10cecd7a4ade_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege   1424   2024-06-01_a1b165cebf9b85ae8f7e10cecd7a4ade_cobalt-strike_cobaltstrike.exe