xmrig | b75722b14180f84814c5b6088f73b8917e64607cbea390b8ea661f06c6f9e11c

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:25

Target

2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

5539479708128bd32cc3f5e9a4dc9f99
SHA1

e5e89346257b2e65b71aa42caaa94944a8514b64
SHA256

b75722b14180f84814c5b6088f73b8917e64607cbea390b8ea661f06c6f9e11c
SHA512

edf10b453db6d6f6a1a995f91a2d13f58e897938f15ee3e1736861dc39b5e4670ea14c10cba4c41e2ddde8e6413b4216070d699a6641fd4f7e3b5a2c17812396
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/1924-0-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1924-2-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1924-0-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1924-2-0x000000013F210000-0x000000013F564000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1924	2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	1924	2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-19_5539479708128bd32cc3f5e9a4dc9f99_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1924

memory/1924-0-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1924-2-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download