xmrig | 5a46df71756294f25a91d709d89097ee0c13f460b1efaddb27f5cc292d1d456c

Analysis

max time kernel
93s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 01:45

Target

2024-09-20_5bd5361b69d7767d8f62c0c42a0af988_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

5bd5361b69d7767d8f62c0c42a0af988
SHA1

848cc3a3ab1cac39cfb9c2efc306f65af7e689fd
SHA256

5a46df71756294f25a91d709d89097ee0c13f460b1efaddb27f5cc292d1d456c
SHA512

6933dbf8d9d158e564c954e6b533d9bf7b896a7de9d9939a39d76879fc44e5cde9a6bdf069658fe3d9442f249bb215967d9113b8c5ef03ec825a4f85ec0215ab
SSDEEP

98304:demTLkNdfE0pZ3s56utgpPFotBER/mQ32lU6:E+x56utgpPF8u/76

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/memory/3960-0-0x00007FF7349C0000-0x00007FF734D14000-memory.dmp	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3960-0-0x00007FF7349C0000-0x00007FF734D14000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2024-09-20_5bd5361b69d7767d8f62c0c42a0af988_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_5bd5361b69d7767d8f62c0c42a0af988_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
PID:3960

memory/3960-0-0x00007FF7349C0000-0x00007FF734D14000-memory.dmp

Filesize
3.3MB

Download
memory/3960-1-0x00007FF7349C0000-0x00007FF734D14000-memory.dmp

Filesize
3.3MB

Download