Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 15:12
General
-
Target
20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
-
Size
5.9MB
-
MD5
983a2b77e208ea9938635ec41848b60d
-
SHA1
6df003e8ca64c91f5054e4ed731339212545cbe5
-
SHA256
ef2d3992a3f9d64c02e4da91238337183a1730a7b79c5078e9ffc05276eb1b2b
-
SHA512
46a4966aab51ddcedc5bcd570dda9150c05c39b35959d25794fb5207de7760c2539c40afa0cba8aa5ca9da87d9595dad390090dd301ec675b279920b0e946d1c
-
SSDEEP
98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU5:T+856utgpPF8u/75
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe"C:\Users\Admin\AppData\Local\Temp\20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.3MB
-
Filesize
64KB
-
Filesize
3.3MB