Analysis
-
max time kernel
132s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
14-09-2024 09:48
General
-
Target
2024-09-14_8572bf7c64f9a37220f38308f7527ffb_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
5.9MB
-
MD5
8572bf7c64f9a37220f38308f7527ffb
-
SHA1
dfecc46bd33d6425f4ecf02d39bcb1c87fab8bc0
-
SHA256
45d3fbfa85d4bf598762f7cbeefc8ee784d72a8a8a83aafe07639e6c30f19d3f
-
SHA512
4fa985a726ba312c9899acb0d16ec88f691f6f1459237b6766b26a548d053b7c426380f9976e45abd0e3b0c44538efdd7b956ca3e2e19bb6b1f5cdcfc1795aea
-
SSDEEP
98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUF:T+856utgpPF8u/7F
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-09-14_8572bf7c64f9a37220f38308f7527ffb_cobalt-strike_cobaltstrike_poet-rat.exe"C:\Users\Admin\AppData\Local\Temp\2024-09-14_8572bf7c64f9a37220f38308f7527ffb_cobalt-strike_cobaltstrike_poet-rat.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.3MB
-
Filesize
64KB
-
Filesize
3.3MB