Analysis

  • max time kernel
    136s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/08/2024, 18:48

General

  • Target

    2024-08-10_c827f8f985c8fe0acf7dd309ef9d7a5e_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.9MB

  • MD5

    c827f8f985c8fe0acf7dd309ef9d7a5e

  • SHA1

    9f6be4fc220b3f6ea20c30bcc54f3a8a020c1908

  • SHA256

    2475c4e225cf8a56de2356175a9830d20965bfb84ba9d4a9c2951f99a4cf15d6

  • SHA512

    85d5aaf98f2d5bba37d99396e38f4de073d55d96b705971c30ee6c4d3be37a0e257bfa6edc8f9e995b880f4cddc3d3416580e88e795486e167d1a42f1dc9bb4e

  • SSDEEP

    98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUn:T+856utgpPF8u/7n

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-10_c827f8f985c8fe0acf7dd309ef9d7a5e_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-10_c827f8f985c8fe0acf7dd309ef9d7a5e_cobalt-strike_cobaltstrike_poet-rat.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:3780

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3780-0-0x00007FF7D8500000-0x00007FF7D8854000-memory.dmp
    Filesize
    3.3MB
  • memory/3780-1-0x00000245AE860000-0x00000245AE870000-memory.dmp
    Filesize
    64KB
  • memory/3780-2-0x00007FF7D8500000-0x00007FF7D8854000-memory.dmp
    Filesize
    3.3MB