Analysis

max time kernel: 141s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-08-2024 14:28
Behavioral task: behavioral1
Sample: 2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240708-en
4 signatures
150 seconds
General

Target: 2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.2MB
MD5: b9d5d6f0c3ba96a2671774f562aaecee
SHA1: 734a126c28db7d8b49624955ee1247dd7b61e6cb
SHA256: 70259c82a303507c313ce43ee6d5840429b5c1e90109594adb3b4ddfe8405f29
SHA512: 9b2a0672759a9bfc2a331df853b91248946a21a6c53f8d2cd6e2bf6ec5718a5e67a6a0ceade9e8d41866fbd43400a1f8418245807c4dfa73cd35cbf2abd899fb
SSDEEP: 49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l0:RWWBibf56utgpPFotBER/mQ32lUg
Malware Config
Signatures

XMRig Miner payload (14 IoCs)

resource                                                                    yara_rule
behavioral2/memory/1512-2-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-3-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-4-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-5-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-6-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-7-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-8-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-9-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   xmrig
behavioral2/memory/1512-10-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig
behavioral2/memory/1512-11-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig
behavioral2/memory/1512-12-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig
behavioral2/memory/1512-13-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig
behavioral2/memory/1512-14-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig
behavioral2/memory/1512-15-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  xmrig

resource                                                                    yara_rule
behavioral2/memory/1512-0-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-2-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-3-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-4-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-5-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-6-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-7-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-8-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-9-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp   upx
behavioral2/memory/1512-10-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx
behavioral2/memory/1512-11-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx
behavioral2/memory/1512-12-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx
behavioral2/memory/1512-13-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx
behavioral2/memory/1512-14-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx
behavioral2/memory/1512-15-0x00007FF67DE50000-0x00007FF67E1A1000-memory.dmp  upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)

description                    pid   Process
Token: SeLockMemoryPrivilege   1512  2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege   1512  2024-08-07_b9d5d6f0c3ba96a2671774f562aaecee_cobalt-strike_cobaltstrike_poet-rat.exe