xmrig | 915094489f8ec70c89ee144d0a8d318d073fdefb3dbbf8146ad010fefcb9c28e

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 08:42

Target

2024-09-19_2bec9ba5481785555f106a5deb101f94_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

2bec9ba5481785555f106a5deb101f94
SHA1

c08758ec96686c07bbff505ec78b4dd3fe3f9380
SHA256

915094489f8ec70c89ee144d0a8d318d073fdefb3dbbf8146ad010fefcb9c28e
SHA512

c074ee92effa5bf32bb9e7e0d161fdd5abf217df4b99e311cd4bfad79f85cefbb4589adb8e345146dfce9f4aa96910bc3ec515c51e0f93a0f699c0e25a716a6e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/1244-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1244-2-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1244-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1244-2-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1244	2024-09-19_2bec9ba5481785555f106a5deb101f94_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	1244	2024-09-19_2bec9ba5481785555f106a5deb101f94_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2024-09-19_2bec9ba5481785555f106a5deb101f94_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-19_2bec9ba5481785555f106a5deb101f94_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

memory/1244-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1244-2-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download