Analysis
max time kernel: 131s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/09/2024, 15:12
Behavioral task: behavioral1
Sample: 20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
Resource: win7-20240708-en
4 signatures, 150 seconds
General
Target: 20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
Size: 5.9MB
MD5: 983a2b77e208ea9938635ec41848b60d
SHA1: 6df003e8ca64c91f5054e4ed731339212545cbe5
SHA256: ef2d3992a3f9d64c02e4da91238337183a1730a7b79c5078e9ffc05276eb1b2b
SHA512: 46a4966aab51ddcedc5bcd570dda9150c05c39b35959d25794fb5207de7760c2539c40afa0cba8aa5ca9da87d9595dad390090dd301ec675b279920b0e946d1c
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU5:T+856utgpPF8u/75
Malware Config
Signatures

XMRig Miner payload (2 IoCs)
resource | yara_rule
behavioral2/memory/1232-0-0x00007FF727470000-0x00007FF7277C4000-memory.dmp | xmrig
behavioral2/memory/1232-2-0x00007FF727470000-0x00007FF7277C4000-memory.dmp | xmrig

upx yara rule (2 IoCs)
resource | yara_rule
behavioral2/memory/1232-0-0x00007FF727470000-0x00007FF7277C4000-memory.dmp | upx
behavioral2/memory/1232-2-0x00007FF727470000-0x00007FF7277C4000-memory.dmp | upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeLockMemoryPrivilege | 1232 | 20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
Token: SeLockMemoryPrivilege | 1232 | 20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe
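Added example, not part of the tria.ge report: a Python script that parses the memory-dump resource names above and correlates the IoC rows. It shows what the flat table does not: all four yara hits (xmrig and upx) fall on one 0x354000-byte region of pid 1232, so the same mapping is flagged both as a UPX-packed image and as XMRig, and that pid is also the one adjusting its token for SeLockMemoryPrivilege, the "Lock pages in memory" right XMRig requests to back its RandomX dataset with large pages. Two caveats a triager should keep in mind: the IoC rows belong to task behavioral2, not the behavioral1 (win7) task listed above, and the sample name carries cobaltstrike/poetrat labels while the only detections the report records are the XMRig and UPX rule hits plus the privilege adjustment. The resource-name pattern `<task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` and the field names used here are assumptions derived from the rows shown, not a documented tria.ge format; the sample input is copied from those rows.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed layout of tria.ge memory-dump resource names, inferred from the report rows:
#   <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryDump:
    task: str
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def region(self):
        # Identify a region independently of which dump of it was taken.
        return (self.task, self.pid, self.start, self.end)


def parse_dump_resource(resource: str) -> MemoryDump:
    """Parse one resource string into its task, pid, dump index and address range."""
    m = DUMP_RE.match(resource)
    if not m:
        raise ValueError(f"not a memory-dump resource: {resource!r}")
    return MemoryDump(m["task"], int(m["pid"]), int(m["idx"]),
                      int(m["start"], 16), int(m["end"], 16))


def correlate(yara_hits):
    """Group (resource, rule) rows by memory region: rules that fired and dumps that matched."""
    regions = {}
    for resource, rule in yara_hits:
        d = parse_dump_resource(resource)
        entry = regions.setdefault(d.region, {"rules": set(), "dumps": set(), "size": d.size})
        entry["rules"].add(rule)
        entry["dumps"].add(d.index)
    return regions


def assess(yara_hits, privilege_hits):
    """Join region-level yara hits with AdjustPrivilegeToken rows for the same pid."""
    privs = defaultdict(set)
    for token, pid, _process in privilege_hits:
        privs[pid].add(token)
    findings = []
    for (task, pid, start, end), info in correlate(yara_hits).items():
        findings.append({
            "task": task,
            "pid": pid,
            "region": f"0x{start:016X}-0x{end:016X}",
            "size_bytes": info["size"],
            # Address above 4 GiB: consistent with the x64 image the report lists.
            "is_64bit_address": end > 0xFFFFFFFF,
            "rules": sorted(info["rules"]),
            "dump_indices": sorted(info["dumps"]),
            # Packer rule and miner rule on the same mapping: unpacked XMRig in memory.
            "packed_miner_in_memory": {"upx", "xmrig"} <= info["rules"],
            # XMRig asks for this right to use large pages for its RandomX dataset.
            "lock_pages_privilege": "SeLockMemoryPrivilege" in privs[pid],
        })
    return findings


# Sample input copied from the report's IoC rows (constructed for this example).
YARA_HITS = [
    ("behavioral2/memory/1232-0-0x00007FF727470000-0x00007FF7277C4000-memory.dmp", "xmrig"),
    ("behavioral2/memory/1232-2-0x00007FF727470000-0x00007FF7277C4000-memory.dmp", "xmrig"),
    ("behavioral2/memory/1232-0-0x00007FF727470000-0x00007FF7277C4000-memory.dmp", "upx"),
    ("behavioral2/memory/1232-2-0x00007FF727470000-0x00007FF7277C4000-memory.dmp", "upx"),
]
SAMPLE = "20240906983a2b77e208ea9938635ec41848b60dcobaltstrikecobaltstrikepoetrat.exe"
PRIVILEGE_HITS = [
    ("SeLockMemoryPrivilege", 1232, SAMPLE),
    ("SeLockMemoryPrivilege", 1232, SAMPLE),
]

if __name__ == "__main__":
    for finding in assess(YARA_HITS, PRIVILEGE_HITS):
        print(finding)
```

Running it yields a single finding: one region of 3,489,792 bytes in pid 1232, matched by both rules across dump indices 0 and 2, with the lock-pages privilege set on the same pid. Feeding rows from another task that hit different regions produces one finding per region, which is the shape you want before deciding which dump to pull for static analysis.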