Analysis
max time kernel: 131s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-08-2024 15:21
Behavioral task: behavioral1
Sample: 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240708-en
4 signatures, 150 seconds
General
Target: 2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: f526c15b930118882235933113f01e2b
SHA1: 1feab9ed2447aab0b8da4c0bf162894de0ab4af5
SHA256: bae06e1a32173fc9bab0a623f61a8f33383002b68485df7da13081381f533443
SHA512: 114c67201efafde7c7cd0b8c2c91296fd7c44da806b92074c9e97487a14a955871c40150f2406cb583b660183f8a0f69601fc9bddadc7dd1da3fa6b6f2caca11
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUl:T+856utgpPF8u/7l
Malware Config
Signatures

XMRig Miner payload (2 IoCs)
resource                                                                    yara_rule
behavioral2/memory/2904-0-0x00007FF7ED490000-0x00007FF7ED7E4000-memory.dmp  xmrig
behavioral2/memory/2904-2-0x00007FF7ED490000-0x00007FF7ED7E4000-memory.dmp  xmrig

resource                                                                    yara_rule
behavioral2/memory/2904-0-0x00007FF7ED490000-0x00007FF7ED7E4000-memory.dmp  upx
behavioral2/memory/2904-2-0x00007FF7ED490000-0x00007FF7ED7E4000-memory.dmp  upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                    pid   Process
Token: SeLockMemoryPrivilege   2904  2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege   2904  2024-08-07_f526c15b930118882235933113f01e2b_cobalt-strike_cobaltstrike_poet-rat.exe