Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2024 15:31

General

  • Target

    2024-06-06_5b840807e47bae268d054feda89bee0e_cobalt-strike_cobaltstrike_xmrig.exe

  • Size

    11.5MB

  • MD5

    5b840807e47bae268d054feda89bee0e

  • SHA1

    736c159e97e039434a849793ca2a4ef60a91cbd8

  • SHA256

    b0239486d8fc97a2f3eb5f612c2f4dfce7ebe6dd190c7a044937a7486e42d578

  • SHA512

    b58c28a47f47f231a204d489be892808dc9a30ccdb229101d7c6828cec3b86dbee7bd60c18dc6346a065a48910822c34890ac0fb17d677f9f5e49ddf54b169ef

  • SSDEEP

    196608:m2XrSIqtPazmgL7uDbzV0xpZr8o37nmPQLi7gCsLz5:maWIPyquDCzzmPfgCY

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • XMRig Miner payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-06_5b840807e47bae268d054feda89bee0e_cobalt-strike_cobaltstrike_xmrig.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-06_5b840807e47bae268d054feda89bee0e_cobalt-strike_cobaltstrike_xmrig.exe"
    1⤵
      PID:4000

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4000-0-0x00000000001F0000-0x0000000000200000-memory.dmp

      Filesize

      64KB

    • memory/4000-7-0x0000000000400000-0x00000000010B2000-memory.dmp

      Filesize

      12.7MB