Analysis

max time kernel: 140s
max time network: 141s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 07-08-2024 14:28
Behavioral task: behavioral1

Sample: 2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240708-en
Signatures: 4
Duration: 150 seconds
General

Target: 2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.2MB
MD5: b9d5d6f0c3ba96a2671774f562aaecee
SHA1: 734a126c28db7d8b49624955ee1247dd7b61e6cb
SHA256: 70259c82a303507c313ce43ee6d5840429b5c1e90109594adb3b4ddfe8405f29
SHA512: 9b2a0672759a9bfc2a331df853b91248946a21a6c53f8d2cd6e2bf6ec5718a5e67a6a0ceade9e8d41866fbd43400a1f8418245807c4dfa73cd35cbf2abd899fb
SSDEEP: 49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l0:RWWBibf56utgpPFotBER/mQ32lUg

Malware Config

Signatures
XMRig Miner payload (14 IoCs)

resource                                                                      yara_rule
behavioral1/memory/2640-2-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-3-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-4-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-5-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-6-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-7-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-8-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-9-0x000000013F4D0000-0x000000013F821000-memory.dmp    xmrig
behavioral1/memory/2640-10-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig
behavioral1/memory/2640-11-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig
behavioral1/memory/2640-12-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig
behavioral1/memory/2640-13-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig
behavioral1/memory/2640-14-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig
behavioral1/memory/2640-15-0x000000013F4D0000-0x000000013F821000-memory.dmp   xmrig

(signature name not present in the captured report; yara_rule: upx)

resource                                                                      yara_rule
behavioral1/memory/2640-0-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-2-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-3-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-4-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-5-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-6-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-7-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-8-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-9-0x000000013F4D0000-0x000000013F821000-memory.dmp    upx
behavioral1/memory/2640-10-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx
behavioral1/memory/2640-11-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx
behavioral1/memory/2640-12-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx
behavioral1/memory/2640-13-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx
behavioral1/memory/2640-14-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx
behavioral1/memory/2640-15-0x000000013F4D0000-0x000000013F821000-memory.dmp   upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)

description                     pid    Process
Token: SeLockMemoryPrivilege    2640   2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege    2640   2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe