xmrig | 6c95010dc5fe122011bceece400e883ac07452f72e8603d3f8e4864163b11db4

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 09:14

Target

2024-09-13_bb5c62b870286872dcf2ed5749045bae_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

bb5c62b870286872dcf2ed5749045bae
SHA1

a17d08702020de3b8b4803b027849ef14ad10765
SHA256

6c95010dc5fe122011bceece400e883ac07452f72e8603d3f8e4864163b11db4
SHA512

8030952cbbe95157cb9081f8fb366f20957249a0342e680ebef62074395b00e2a54863ba09070f0d489fe401073896a85f3d09174e1ba71299aecccaf6edb7c3
SSDEEP

98304:BemTLkNdfE0pZrT56utgpPFotBER/mQ32lUV:Q+u56utgpPF8u/7V

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2776-2-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2776-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2776-2-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2776	2024-09-13_bb5c62b870286872dcf2ed5749045bae_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	2776	2024-09-13_bb5c62b870286872dcf2ed5749045bae_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-13_bb5c62b870286872dcf2ed5749045bae_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-13_bb5c62b870286872dcf2ed5749045bae_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2776

memory/2776-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2776-2-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download