8dd33b3674819fcf177f65db40d0e7a50937e0dcb7b8dea877dbcbfa18d8dde7

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 10:10

Target

2024-09-15_d2ac45caed0a99d17c38f562a17922cd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

d2ac45caed0a99d17c38f562a17922cd
SHA1

a51d1f61089aeab5b7929561acc0c7fd8e94f4b2
SHA256

8dd33b3674819fcf177f65db40d0e7a50937e0dcb7b8dea877dbcbfa18d8dde7
SHA512

2362d4495f67641828f6aafd6ee603b0d0987f8140accd825a19e197d082cd8c8d2008211cb379709a6d0e40150e34378d9a9080adb8a9c66f60fc51ae5e3801
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lUR:E+b56utgpPF8u/7R

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4568-0-0x00007FF684BB0000-0x00007FF684F04000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2024-09-15_d2ac45caed0a99d17c38f562a17922cd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-15_d2ac45caed0a99d17c38f562a17922cd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
PID:4568

memory/4568-0-0x00007FF684BB0000-0x00007FF684F04000-memory.dmp

Filesize
3.3MB

Download
memory/4568-1-0x00007FF684BB0000-0x00007FF684F04000-memory.dmp

Filesize
3.3MB

Download