xmrig | 264492f0f6d4dde17c1432830bada93de99351bfbff2c600db8e8e085ec7f3fd

Analysis

max time kernel
132s
max time network
143s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 13:38

Target

2024-09-13_e79a952137e6827d6e64fc43f420de98_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

e79a952137e6827d6e64fc43f420de98
SHA1

180ecb92ac66925a64b79457a97521db6f7b295b
SHA256

264492f0f6d4dde17c1432830bada93de99351bfbff2c600db8e8e085ec7f3fd
SHA512

8711cb83b6bfa16abd911fdcd8b07a704ff0611911d49ec412535c2b287f7b4d44456171eb49fbe4b96d00f1b525f707b82bf31a58382432853a85edb4f7786c
SSDEEP

98304:BemTLkNdfE0pZrT56utgpPFotBER/mQ32lUz:Q+u56utgpPF8u/7z

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/2444-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2444-2-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2444-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2444-2-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2444	2024-09-13_e79a952137e6827d6e64fc43f420de98_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	2444	2024-09-13_e79a952137e6827d6e64fc43f420de98_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-13_e79a952137e6827d6e64fc43f420de98_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-13_e79a952137e6827d6e64fc43f420de98_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2444

memory/2444-0-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2444-2-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download