xmrig | 688e6af8b34abd4c93d52d328b7bb4a5d51a196b01a041415ba41dac150cbed3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 06:23

Target

202409128da84fbc213a6e73b70bb645fc325939cobaltstrikecobaltstrikepoetrat.exe
Size

5.9MB
MD5

8da84fbc213a6e73b70bb645fc325939
SHA1

2610d87a1139bf79a140d735f01fe80ac432546a
SHA256

688e6af8b34abd4c93d52d328b7bb4a5d51a196b01a041415ba41dac150cbed3
SHA512

234a2543ca509c6fa6f45779e300ff03a8f684cd62c38e20d93c766f9863854db772e0026660573a6279a21ee0d0d35a28841efff6e025a67ef46f7ceebdcb47
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUt:T+856utgpPF8u/7t

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/664-0-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp	xmrig
behavioral2/memory/664-2-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/664-0-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp	upx
behavioral2/memory/664-2-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	664	202409128da84fbc213a6e73b70bb645fc325939cobaltstrikecobaltstrikepoetrat.exe
Token: SeLockMemoryPrivilege	664	202409128da84fbc213a6e73b70bb645fc325939cobaltstrikecobaltstrikepoetrat.exe

C:\Users\Admin\AppData\Local\Temp\202409128da84fbc213a6e73b70bb645fc325939cobaltstrikecobaltstrikepoetrat.exe
"C:\Users\Admin\AppData\Local\Temp\202409128da84fbc213a6e73b70bb645fc325939cobaltstrikecobaltstrikepoetrat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:664

memory/664-0-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp

Filesize
3.3MB

Download
memory/664-1-0x00000191D0C40000-0x00000191D0C50000-memory.dmp

Filesize
64KB

Download
memory/664-2-0x00007FF7F57F0000-0x00007FF7F5B44000-memory.dmp

Filesize
3.3MB

Download