Analysis
max time kernel: 133s
max time network: 143s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 14:31
Behavioral task: behavioral1
Sample: 2024-06-06_9f1a8df854f3c753d8f93e7839aba93d_cobalt-strike_cobaltstrike.exe
Resource: win7-20231129-en
5 signatures
150 seconds
General
Target: 2024-06-06_9f1a8df854f3c753d8f93e7839aba93d_cobalt-strike_cobaltstrike.exe
Size: 6.0MB
MD5: 9f1a8df854f3c753d8f93e7839aba93d
SHA1: 5cffbe16438147fdf4a26ee9627c974f733a300e
SHA256: f004052369b10080aa4d6dfc3298422f9d25deb8f606d93ffdab40cdc460ad85
SHA512: 1577b34fe2f899ff26186c586006577d054726cef5946122f6ecf2511bf8e1cf9f6075ec7dc9841810f2f115f6f2881258b27f5a41945e71a0eb896f4c015a3a
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUy:T+856utgpPF8u/7y
Malware Config
Signatures
UPX dump on OEP (original entry point) 2 IoCs
Processes:
resource                                                                    yara_rule
behavioral1/memory/624-1-0x000000013F4B0000-0x000000013F804000-memory.dmp   UPX
behavioral1/memory/624-2-0x000000013F4B0000-0x000000013F804000-memory.dmp   UPX
XMRig Miner payload 2 IoCs
Processes:
resource                                                                    yara_rule
behavioral1/memory/624-1-0x000000013F4B0000-0x000000013F804000-memory.dmp   xmrig
behavioral1/memory/624-2-0x000000013F4B0000-0x000000013F804000-memory.dmp   xmrig
Processes:
resource                                                                    yara_rule
behavioral1/memory/624-1-0x000000013F4B0000-0x000000013F804000-memory.dmp   upx
behavioral1/memory/624-2-0x000000013F4B0000-0x000000013F804000-memory.dmp   upx
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description                    pid   process
Token: SeLockMemoryPrivilege   624   2024-06-06_9f1a8df854f3c753d8f93e7839aba93d_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege   624   2024-06-06_9f1a8df854f3c753d8f93e7839aba93d_cobalt-strike_cobaltstrike.exe