xmrig | 079e4ae75e2cab494b39d9a98f0d113f2262931814ef5e5fbfcad7b5be9adf83

Analysis

max time kernel
132s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 09:42

Target

2024-09-14_e06625916f522ba0f3729e81bb0c50d8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

e06625916f522ba0f3729e81bb0c50d8
SHA1

46c168572747d5849d5e9d3adecd418da83d9c05
SHA256

079e4ae75e2cab494b39d9a98f0d113f2262931814ef5e5fbfcad7b5be9adf83
SHA512

6837a7555b34c6528c27f544edda510f9c8c7abd80fd7c9d5129b29d9892b6032d6d87e9b6a97b080cb6256674fd38c14bb6716bb18cc07ede3e8e8968cb9f4f
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUz:T+856utgpPF8u/7z

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/3012-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/3012-2-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3012-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/3012-2-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3012	2024-09-14_e06625916f522ba0f3729e81bb0c50d8_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	3012	2024-09-14_e06625916f522ba0f3729e81bb0c50d8_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-14_e06625916f522ba0f3729e81bb0c50d8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_e06625916f522ba0f3729e81bb0c50d8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3012

memory/3012-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3012-2-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download