Analysis
max time kernel: 134s
max time network: 147s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 13:47
Behavioral task: behavioral1
Sample: 2024-06-06_649b7b4fdf476cffecfc33805a729ccc_cobalt-strike_cobaltstrike.exe
Resource: win7-20240221-en
5 signatures
150 seconds
General
Target: 2024-06-06_649b7b4fdf476cffecfc33805a729ccc_cobalt-strike_cobaltstrike.exe
Size: 5.9MB
MD5: 649b7b4fdf476cffecfc33805a729ccc
SHA1: a8a84049fcfceb877a1ce464a803e56d1028cbbd
SHA256: c41317d976e10da0e9e18b1d7caf8d7f8b4ed26580b4d47cba477b057d3b0c3e
SHA512: 97d685af98969736ca59cc97067101602dee96c3c24f1ecfdf26e6fc050642d5d9c4322c0e1d9770dbea2ca87be6816f3f678c40d957a4db9a6a26baa2a433f4
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUV:T+856utgpPF8u/7V
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 2 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/1704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp   UPX
behavioral1/memory/1704-2-0x000000013F0F0000-0x000000013F444000-memory.dmp   UPX

XMRig Miner payload 2 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/1704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp   xmrig
behavioral1/memory/1704-2-0x000000013F0F0000-0x000000013F444000-memory.dmp   xmrig

Processes:
resource                                                                     yara_rule
behavioral1/memory/1704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp   upx
behavioral1/memory/1704-2-0x000000013F0F0000-0x000000013F444000-memory.dmp   upx

Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description                    pid    process
Token: SeLockMemoryPrivilege   1704   2024-06-06_649b7b4fdf476cffecfc33805a729ccc_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege   1704   2024-06-06_649b7b4fdf476cffecfc33805a729ccc_cobalt-strike_cobaltstrike.exe
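All five signatures above point at a single process (pid 1704) and, for the three memory-YARA hits, at a single dumped region: the UPX and XMRig rules fire on the same dump, and the same pid then enables SeLockMemoryPrivilege, the right XMRig requests for huge pages. Note that the filename carries a cobalt-strike tag while the only payload signature that fired is XMRig; the signature rows, not the submitted name, are the evidence. The script below is an added triage example, not part of this report or of any sandbox's code: it parses the memory-dump resource names (the `<task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` layout is assumed from the names shown), groups the YARA hits and token privileges per pid, and emits findings whose tags and privilege notes are this example's own labels. The input rows are constructed by hand from the tables above.

```python
"""Correlate the sandbox signature rows above by pid (added example, not sandbox code)."""
import re
from collections import defaultdict

SAMPLE = "2024-06-06_649b7b4fdf476cffecfc33805a729ccc_cobalt-strike_cobaltstrike.exe"
REGION = "0x000000013F0F0000-0x000000013F444000"

# Constructed from the three memory-YARA signature tables in the report.
MEMORY_HITS = [
    (f"behavioral1/memory/1704-{seq}-{REGION}-memory.dmp", rule)
    for rule in ("UPX", "xmrig", "upx")
    for seq in (0, 2)
]

# Constructed from the "Suspicious use of AdjustPrivilegeToken" table.
TOKEN_HITS = [
    ("Token: SeLockMemoryPrivilege", 1704, SAMPLE),
    ("Token: SeLockMemoryPrivilege", 1704, SAMPLE),
]

# General Windows knowledge, not sandbox output: what each privilege buys the process.
PRIVILEGE_NOTES = {
    "SeLockMemoryPrivilege": "lock pages / large-page allocation; XMRig enables it for huge pages",
    "SeDebugPrivilege": "open any process; common precursor to injection or credential dumping",
}

# Assumed layout of the dump resource names as they appear in the report.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a memory-dump resource name into its fields; None if it is not a dump."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def correlate(memory_hits, token_hits):
    """Group YARA rule names per (pid, region) and enabled privileges per pid."""
    report = defaultdict(lambda: {"regions": defaultdict(set), "privileges": set()})
    for name, rule in memory_hits:
        d = parse_dump_name(name)
        if d is None:
            continue  # not a memory dump row; ignore
        report[d["pid"]]["regions"][(d["start"], d["end"])].add(rule)
    for description, pid, _process in token_hits:
        prefix = "Token: "
        priv = description[len(prefix):] if description.startswith(prefix) else description
        report[pid]["privileges"].add(priv)
    return dict(report)


def assess(report):
    """Turn the per-pid groups into (tag, detail) findings; tags are this example's labels."""
    findings = []
    for pid, data in sorted(report.items()):
        all_rules = {r.lower() for rules in data["regions"].values() for r in rules}
        for (start, end), rules in data["regions"].items():
            low = {r.lower() for r in rules}
            where = f"pid {pid} region 0x{start:X}-0x{end:X} ({end - start} bytes)"
            if "upx" in low and "xmrig" in low:
                findings.append(("packed-miner-in-memory",
                                 f"{where}: UPX and XMRig rules hit the same dump"))
            elif "xmrig" in low:
                findings.append(("miner-in-memory", f"{where}: XMRig rule hit"))
        if "xmrig" in all_rules and "SeLockMemoryPrivilege" in data["privileges"]:
            findings.append(("miner-large-pages",
                             f"pid {pid}: XMRig payload plus SeLockMemoryPrivilege "
                             f"({PRIVILEGE_NOTES['SeLockMemoryPrivilege']})"))
        for priv in sorted(data["privileges"] - {"SeLockMemoryPrivilege"}):
            findings.append(("privilege", f"pid {pid}: {priv}: {PRIVILEGE_NOTES.get(priv, 'no note')}"))
    return findings


if __name__ == "__main__":
    for tag, detail in assess(correlate(MEMORY_HITS, TOKEN_HITS)):
        print(f"[{tag}] {detail}")
```

Run stand-alone it prints one finding for the packed miner dump (region size 0x354000, about 3.3 MB) and one for the privilege correlation. The same functions accept rows from other reports; a pid that enables only SeDebugPrivilege without any miner hit is reported under the generic privilege tag so it is not lost.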