xmrig | 0097b51236be3c02e435d34ade6e54addd358a9de83f05610d90ff93d9e4ae97

Analysis

max time kernel
131s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 03:18

Target

2024-09-18_c3f34863cf7403ffbc5414794ed2dda8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

c3f34863cf7403ffbc5414794ed2dda8
SHA1

00e54b5866a9d0233f5de1b7e64b15157d9cc684
SHA256

0097b51236be3c02e435d34ade6e54addd358a9de83f05610d90ff93d9e4ae97
SHA512

3b5ef3b58a166f4c4e2e3b9ccf0e829876083a8bfcc5775928ffe780a03e7ca4e4602e1ebc0c87f6be978767121e4d589600a24b4529165ce37e60ebedd9f748
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUq:T+856utgpPF8u/7q

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/4480-0-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp	xmrig
behavioral2/memory/4480-2-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4480-0-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp	upx
behavioral2/memory/4480-2-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4480	2024-09-18_c3f34863cf7403ffbc5414794ed2dda8_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	4480	2024-09-18_c3f34863cf7403ffbc5414794ed2dda8_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-18_c3f34863cf7403ffbc5414794ed2dda8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-18_c3f34863cf7403ffbc5414794ed2dda8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4480

memory/4480-0-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp

Filesize
3.3MB

Download
memory/4480-1-0x000001B047D70000-0x000001B047D80000-memory.dmp

Filesize
64KB

Download
memory/4480-2-0x00007FF63C950000-0x00007FF63CCA4000-memory.dmp

Filesize
3.3MB

Download