Analysis
-
max time kernel
132s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
07-08-2024 14:22
Behavioral task
behavioral1
Sample
2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe
Resource
win7-20240708-en
4 signatures
150 seconds
General
-
Target
2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
5.9MB
-
MD5
32019be7de3a10a8ae2f597844c79c4d
-
SHA1
0a963857b572453349177776e3d09be5182e7422
-
SHA256
69a5d8768a66315f4c9134e7129e3d44f012173c3c9c1767f52b134a6fd68393
-
SHA512
fe2bb842ed8527f60cbdd8804600075d9d61c18139efa25c6950adfa1681b6ff2f5bdb42e07caef74e699f16d73c124ce8103e3a9fae1b1bb61fca9491e9f55c
-
SSDEEP
98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU1:T+856utgpPF8u/71
Malware Config
Signatures
-
XMRig Miner payload 2 IoCs
resource yara_rule behavioral1/memory/2372-0-0x000000013FF40000-0x0000000140294000-memory.dmp xmrig behavioral1/memory/2372-2-0x000000013FF40000-0x0000000140294000-memory.dmp xmrig -
resource yara_rule behavioral1/memory/2372-0-0x000000013FF40000-0x0000000140294000-memory.dmp upx behavioral1/memory/2372-2-0x000000013FF40000-0x0000000140294000-memory.dmp upx -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeLockMemoryPrivilege 2372 2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe Token: SeLockMemoryPrivilege 2372 2024-08-07_32019be7de3a10a8ae2f597844c79c4d_cobalt-strike_cobaltstrike_poet-rat.exe