Overview

overview

10

Static

static

10

2024-08-13...at.exe

windows7-x64

10

2024-08-13...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 16:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.2MB

  • MD5

    e83089508a4a95d65261552a7398675a

  • SHA1

    df3f4deabf8e0e3643546ba37240c53096462d66

  • SHA256

    38a5ca92fa596d5494a8732a2bd2e8eae2f5ca527babc95e7f23c4c10fee1cd5

  • SHA512

    72862a05ed1c25fb1ade7c901e64b25379ef16834a440efcafc2fcc134fe7072633dd63f1ae520b149d6699f7177f669b41b7980a49c5c7487863e10458a7416

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lv:RWWBibf56utgpPFotBER/mQ32lUT

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2288

Network

    No results found
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
  • 3.120.209.58:8080
    2024-08-13_e83089508a4a95d65261552a7398675a_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
     3
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2288-0-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-1-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2288-2-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-3-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-4-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-5-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-6-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-7-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-8-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-9-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-10-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-11-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-12-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-13-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-14-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2288-15-0x000000013F070000-0x000000013F3C1000-memory.dmp

    Filesize

    3.3MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.