Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 12:35 UTC

General

  • Target

    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.2MB

  • MD5

    f1dfa0d2f4435b04380c49e4d325c029

  • SHA1

    cdde1a04e715f5146fe509716a4058699fb377b2

  • SHA256

    1cc98ee6780073bc82006c0ef6cac626e6d81755636b2233a0e464d1d8034e9d

  • SHA512

    cdaa993dc034a920380a106ac52e487925662bf944baede16730c243ac9950d558ea5c0930424fbff083b5ddb73ff113c6decfefdcf1775e31151789d07f24e2

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lL:RWWBibf56utgpPFotBER/mQ32lUH

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 15 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2252

Network

    No results found
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
  • 3.120.209.58:8080
    2024-09-14_f1dfa0d2f4435b04380c49e4d325c029_cobalt-strike_cobaltstrike_poet-rat.exe
    152 B
    3
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2252-0-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

  • memory/2252-1-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-2-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-3-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-4-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-5-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-6-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-7-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-8-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-9-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-10-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-11-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-12-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-13-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-14-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-15-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2252-16-0x000000013F450000-0x000000013F7A1000-memory.dmp

    Filesize

    3.3MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.