xmrig | 18d29f71eed6fc37270580376dacb40773349abcf6a0b60c2758263708c4fe9a

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 02:25

Target

2024-08-25_e854271c3c0aa1c4f6a365e8117e1506_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

e854271c3c0aa1c4f6a365e8117e1506
SHA1

8420ee8e07ef0123d56d590f64e59cd1c13f2615
SHA256

18d29f71eed6fc37270580376dacb40773349abcf6a0b60c2758263708c4fe9a
SHA512

a46b6ef486376b09b0c5aceb3c024432ce710b72edfd6baf6d0417d2c32e1dba05cefd850a1d55330dc29d1ccc6a8dc52f972c0110a34485a5835cc4d6858d82
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUC:T+856utgpPF8u/7C

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/2416-1-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2416-2-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2416-1-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2416-2-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2416	2024-08-25_e854271c3c0aa1c4f6a365e8117e1506_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	2416	2024-08-25_e854271c3c0aa1c4f6a365e8117e1506_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-08-25_e854271c3c0aa1c4f6a365e8117e1506_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-25_e854271c3c0aa1c4f6a365e8117e1506_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2416

memory/2416-1-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2416-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2416-2-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download