xmrig | bcdcc83ada3e32a96a4c566c9c107f20567283b20f13e5795c4a49d1e6020c97

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 10:27

Target

2024-09-02_597dbe3400dcf7b500762c6d57f1b1a2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

597dbe3400dcf7b500762c6d57f1b1a2
SHA1

39bbe35c596a5d01feef44653f941a92da015469
SHA256

bcdcc83ada3e32a96a4c566c9c107f20567283b20f13e5795c4a49d1e6020c97
SHA512

709dad93517e42139e44c57d02295dda8d983d05bff92191923e4563a831d44a87d1ed5d1e6ac616719b50d13b8def6003362c60cd806c50eb5c2f7498b215e3
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUr:T+856utgpPF8u/7r

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/1244-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1244-2-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1244-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1244-2-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1244	2024-09-02_597dbe3400dcf7b500762c6d57f1b1a2_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	1244	2024-09-02_597dbe3400dcf7b500762c6d57f1b1a2_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-02_597dbe3400dcf7b500762c6d57f1b1a2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-02_597dbe3400dcf7b500762c6d57f1b1a2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

memory/1244-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1244-2-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download