xmrig | 376527c3b21c69d088776789f61af53612e65fdd687720d7193c1de040c186fa

Analysis

max time kernel
131s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 16:06

Target

2024-09-12_6a56d81239d2602fbfa7f47a9efac72a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

6a56d81239d2602fbfa7f47a9efac72a
SHA1

6cecdb714cbeccb66ae9d6e4d8a4ee00acfe10bd
SHA256

376527c3b21c69d088776789f61af53612e65fdd687720d7193c1de040c186fa
SHA512

13ec515c2d6934ae33aaf4d6a96dea32a3ce8fa32d8733cec091f21a10bd7ac0b81af1eeade4281b17fc6857eb6a21df1d80b5bb2c648900002df84491cf6255
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU4:T+856utgpPF8u/74

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/3864-0-0x00007FF630A30000-0x00007FF630D84000-memory.dmp	xmrig
behavioral2/memory/3864-2-0x00007FF630A30000-0x00007FF630D84000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3864-0-0x00007FF630A30000-0x00007FF630D84000-memory.dmp	upx
behavioral2/memory/3864-2-0x00007FF630A30000-0x00007FF630D84000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3864	2024-09-12_6a56d81239d2602fbfa7f47a9efac72a_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	3864	2024-09-12_6a56d81239d2602fbfa7f47a9efac72a_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-12_6a56d81239d2602fbfa7f47a9efac72a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-12_6a56d81239d2602fbfa7f47a9efac72a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3864

memory/3864-0-0x00007FF630A30000-0x00007FF630D84000-memory.dmp

Filesize
3.3MB

Download
memory/3864-1-0x000002166DB00000-0x000002166DB10000-memory.dmp

Filesize
64KB

Download
memory/3864-2-0x00007FF630A30000-0x00007FF630D84000-memory.dmp

Filesize
3.3MB

Download