Analysis
  max time kernel: 149s
  max time network: 150s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 08-06-2024 04:44
Behavioral task: behavioral1
  Sample: 2024-06-08_45019b562b6e532e76174d89b5b91224_cobalt-strike_cobaltstrike.exe
  Resource: win7-20240508-en
  Signatures: 5
  Duration: 150 seconds
General
  Target: 2024-06-08_45019b562b6e532e76174d89b5b91224_cobalt-strike_cobaltstrike.exe
  Size: 5.9MB
  MD5: 45019b562b6e532e76174d89b5b91224
  SHA1: 06b22bf98ca42e03ee94ea9fd817edd3a4662e97
  SHA256: 7256e2c3a0aa8c32bad0dc8dacf3a16e65282ae591dc20182d952dfbb31df547
  SHA512: 1bf4c75689f0c8e6acaba4fd0f61ece7b89501dc2d7de825021ad49f88bbae12cc5c05186408617114b3d110a49923c00e1aa712cd7532420cb13506bc23c290
  SSDEEP: 98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUj:Q+856utgpPF8u/7j
Malware Config
Signatures

  UPX dump on OEP (original entry point) (2 IoCs)
  Processes:
    resource                                                                       yara_rule
    behavioral2/memory/3048-0-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    UPX
    behavioral2/memory/3048-2-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    UPX

  XMRig Miner payload (2 IoCs)
  Processes:
    resource                                                                       yara_rule
    behavioral2/memory/3048-0-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    xmrig
    behavioral2/memory/3048-2-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    xmrig

  Processes:
    resource                                                                       yara_rule
    behavioral2/memory/3048-0-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    upx
    behavioral2/memory/3048-2-0x00007FF69AC40000-0x00007FF69AF94000-memory.dmp    upx

  Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
    description                       pid    process
    Token: SeLockMemoryPrivilege      3048   2024-06-08_45019b562b6e532e76174d89b5b91224_cobalt-strike_cobaltstrike.exe
    Token: SeLockMemoryPrivilege      3048   2024-06-08_45019b562b6e532e76174d89b5b91224_cobalt-strike_cobaltstrike.exe