xmrig | 3e44c851ba43b0719ba410de77d895290cf339e16add2f07ffc47a8e3fcba009

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 10:46

Target

2024-09-03_ad04ddde920025fe45dcc9d3935bb0d5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

ad04ddde920025fe45dcc9d3935bb0d5
SHA1

cf28ec948ee14e52086359ea6688f75965e2f4e2
SHA256

3e44c851ba43b0719ba410de77d895290cf339e16add2f07ffc47a8e3fcba009
SHA512

8d39578526221c4aa5c09ec6b6afe04025169a85e924ff23a85e53839fe87e16f9a2f5e3208d660015fd2ed89d146616ed210c386b2f990eee7bb9673bf6c5c3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/2096-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2096-2-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2096-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2096-2-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2096	2024-09-03_ad04ddde920025fe45dcc9d3935bb0d5_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	2096	2024-09-03_ad04ddde920025fe45dcc9d3935bb0d5_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-03_ad04ddde920025fe45dcc9d3935bb0d5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-03_ad04ddde920025fe45dcc9d3935bb0d5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2096

memory/2096-0-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2096-2-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download