xmrig | ef2d3992a3f9d64c02e4da91238337183a1730a7b79c5078e9ffc05276eb1b2b

Analysis

max time kernel
132s
max time network
141s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 15:12

Target

20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
Size

5.9MB
MD5

983a2b77e208ea9938635ec41848b60d
SHA1

6df003e8ca64c91f5054e4ed731339212545cbe5
SHA256

ef2d3992a3f9d64c02e4da91238337183a1730a7b79c5078e9ffc05276eb1b2b
SHA512

46a4966aab51ddcedc5bcd570dda9150c05c39b35959d25794fb5207de7760c2539c40afa0cba8aa5ca9da87d9595dad390090dd301ec675b279920b0e946d1c
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU5:T+856utgpPF8u/75

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/1172-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1172-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1172-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1172-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1172	20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
Token: SeLockMemoryPrivilege	1172	20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe

C:\Users\Admin\AppData\Local\Temp\20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
"C:\Users\Admin\AppData\Local\Temp\20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1172

memory/1172-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1172-2-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download