Overview

overview

10

Static

static

10

2024-09-18...at.exe

windows7-x64

10

2024-09-18...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-18_ee00c512a3367ce0d8c4377c3e71747f_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.9MB

  • MD5

    ee00c512a3367ce0d8c4377c3e71747f

  • SHA1

    3d4d19417fae839562f4617e9399d00d9041e79d

  • SHA256

    f45a410b5640f6e14687c0f299e29c3a7b55c23710349c0f24cb0675713315bd

  • SHA512

    cc54b5e3fe57cd51ef360491158cfc86740ea5d0ee1b5f16d46e42e426f426a100549c01893805f7e29b7f098c6aba59ee9c8cbe720db767b3e1478466e74143

  • SSDEEP

    98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUb:T+856utgpPF8u/7b

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 2 IoCs
    miner
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-18_ee00c512a3367ce0d8c4377c3e71747f_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-18_ee00c512a3367ce0d8c4377c3e71747f_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4012-0-0x00007FF63C560000-0x00007FF63C8B4000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4012-1-0x000001689FE00000-0x000001689FE10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4012-2-0x00007FF63C560000-0x00007FF63C8B4000-memory.dmp

    Filesize

    3.3MB

    Download