Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-08-2024 14:22

General

  • Target

    2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.9MB

  • MD5

    32019be7de3a10a8ae2f597844c79c4d

  • SHA1

    0a963857b572453349177776e3d09be5182e7422

  • SHA256

    69a5d8768a66315f4c9134e7129e3d44f012173c3c9c1767f52b134a6fd68393

  • SHA512

    fe2bb842ed8527f60cbdd8804600075d9d61c18139efa25c6950adfa1681b6ff2f5bdb42e07caef74e699f16d73c124ce8103e3a9fae1b1bb61fca9491e9f55c

  • SSDEEP

    98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU1:T+856utgpPF8u/71

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • XMRig Miner payload (2 IoCs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

    The process called AdjustTokenPrivileges to change the privileges held by its own access token.
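The "UPX packed file" signature above is a static check that can be reproduced on the submitted binary (or on the 3.3MB image-base dumps under Downloads, which start with the PE header). The following is an added example and is not code from the sandbox report or from any tool it names; it walks the PE section table with the standard library only and looks for the traits a UPX stub leaves behind: section names beginning with "UPX", the "UPX!" pack-header marker, and a first section with no raw data (the image is unpacked into it at run time). The function and variable names are mine, and the two PE images it is run against are constructed in the code, not taken from the sample.

```python
"""Added example: reproduce the "UPX packed file" heuristic on a PE image.
Pure standard library (no pefile); the sample images are constructed here."""
import struct

UPX_SECTION_PREFIX = b"UPX"   # default section names: UPX0, UPX1, (UPX2)
UPX_MAGIC = b"UPX!"           # pack-header marker written by the UPX stub


def pe_sections(data: bytes):
    """Yield (name, virtual_size, virtual_address, raw_size, raw_offset)
    for each section-table entry; raise ValueError if data is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional          # COFF header is 20 bytes
    for i in range(num_sections):
        off = table + i * 40                      # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, roff = struct.unpack_from("<IIII", data, off + 8)
        yield name, vsize, vaddr, rsize, roff


def upx_indicators(data: bytes) -> dict:
    """Collect the observable UPX traits. A 'modified UPX' build commonly
    renames the sections, so the marker and the empty first section are
    kept as independent signals rather than relying on names alone."""
    secs = list(pe_sections(data))
    return {
        "upx_sections": [s[0].decode("ascii", "replace") for s in secs
                         if s[0].startswith(UPX_SECTION_PREFIX)],
        "upx_magic": UPX_MAGIC in data,
        "empty_first_section": bool(secs) and secs[0][3] == 0,
    }


def is_upx_packed(data: bytes) -> bool:
    """Verdict: named UPX sections, or the marker plus an empty first section."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or (ind["upx_magic"] and ind["empty_first_section"])


def build_sample_pe(sections, marker=b"") -> bytes:
    """Constructed test data: a header-only PE32+ image (no real code) whose
    section table holds the given (name, raw_size) entries, optionally
    followed by a marker string. Not derived from the analysed sample."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xF0  # size of a PE32+ optional header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")  # PE32+ magic
    table = b""
    va = 0x1000
    for name, raw_size in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", 0x1000, va, raw_size, 0x400) + b"\0" * 16
        va += 0x1000
    return dos + b"PE\0\0" + coff + opt + table + marker


PACKED_SAMPLE = build_sample_pe([(b"UPX0", 0), (b"UPX1", 0x54000), (b".rsrc", 0x2000)], marker=UPX_MAGIC)
PLAIN_SAMPLE = build_sample_pe([(b".text", 0x1000), (b".data", 0x200)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, is_upx_packed(img), upx_indicators(img))
```

To run it against the real file, pass `open(path, "rb").read()` to `is_upx_packed`; the same call works on the `memory/2372-0-…` dump, since that dump begins at the image base and therefore with the MZ header. A negative result does not rule out packing: a stub that renames its sections, strips the marker and fills the first section will pass all three checks, which is why the signature text says UPX or modified UPX.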

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe"
    PID: 2372
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2372-0-0x000000013FF40000-0x0000000140294000-memory.dmp
    Filesize: 3.3MB

  • memory/2372-1-0x00000000001F0000-0x0000000000200000-memory.dmp
    Filesize: 64KB

  • memory/2372-2-0x000000013FF40000-0x0000000140294000-memory.dmp
    Filesize: 3.3MB