Analysis

max time kernel: 132s
max time network: 142s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 07-08-2024 15:21

Behavioral task: behavioral1
Sample: 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240708-en
4 signatures
150 seconds
General

Target: 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: f526c15b930118882235933113f01e2b
SHA1: 1feab9ed2447aab0b8da4c0bf162894de0ab4af5
SHA256: bae06e1a32173fc9bab0a623f61a8f33383002b68485df7da13081381f533443
SHA512: 114c67201efafde7c7cd0b8c2c91296fd7c44da806b92074c9e97487a14a955871c40150f2406cb583b660183f8a0f69601fc9bddadc7dd1da3fa6b6f2caca11
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUl:T+856utgpPF8u/7l
Malware Config

Signatures

XMRig Miner payload (2 IoCs)
resource | yara_rule
behavioral1/memory/2380-0-0x000000013FFB0000-0x0000000140304000-memory.dmp | xmrig
behavioral1/memory/2380-2-0x000000013FFB0000-0x0000000140304000-memory.dmp | xmrig

resource | yara_rule
behavioral1/memory/2380-0-0x000000013FFB0000-0x0000000140304000-memory.dmp | upx
behavioral1/memory/2380-2-0x000000013FFB0000-0x0000000140304000-memory.dmp | upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeLockMemoryPrivilege | 2380 | 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege | 2380 | 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe