xmrig | b13e903df1ff0b27873825827620b055e6380f28079ba41d7b2f71d4f080f1ba

Analysis

max time kernel
131s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 18:02

Target

20240901bf1d7a57787c10e75ab7757f29c96555cobaltstrikecobaltstrikepoetrat.exe
Size

5.9MB
MD5

bf1d7a57787c10e75ab7757f29c96555
SHA1

5e0a6ddf3cc68a8823d4c24b35f91f8cc377516e
SHA256

b13e903df1ff0b27873825827620b055e6380f28079ba41d7b2f71d4f080f1ba
SHA512

5143d64f95ef0859cec20319e86f6b6a67fc53f848468a58a6855967938e4e8c61382a35cef0dc5c4c901d6caf6a42fffe9f3bbe4b74a19b32038a0a29f8c591
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/4368-0-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp	xmrig
behavioral2/memory/4368-2-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4368-0-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp	upx
behavioral2/memory/4368-2-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4368	20240901bf1d7a57787c10e75ab7757f29c96555cobaltstrikecobaltstrikepoetrat.exe
Token: SeLockMemoryPrivilege	4368	20240901bf1d7a57787c10e75ab7757f29c96555cobaltstrikecobaltstrikepoetrat.exe

C:\Users\Admin\AppData\Local\Temp\20240901bf1d7a57787c10e75ab7757f29c96555cobaltstrikecobaltstrikepoetrat.exe
"C:\Users\Admin\AppData\Local\Temp\20240901bf1d7a57787c10e75ab7757f29c96555cobaltstrikecobaltstrikepoetrat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

memory/4368-0-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp

Filesize
3.3MB

Download
memory/4368-1-0x00000217A2330000-0x00000217A2340000-memory.dmp

Filesize
64KB

Download
memory/4368-2-0x00007FF7BF640000-0x00007FF7BF994000-memory.dmp

Filesize
3.3MB

Download