Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/10/2024, 10:36

General

  • Target

    2024-10-27_90fb243e4c987f40a62d3927a1779ba3_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    90fb243e4c987f40a62d3927a1779ba3

  • SHA1

    4e716f2c3fce529f320cfbd4809c7322821a4b68

  • SHA256

    1da1d4b72e31f159e270fa2bcd50f9181f1260c9359f4449eab8d04f07b8d1ff

  • SHA512

    5075dfd138138e69aebf0ac132b2ecadce9ba54a667bce87d1cc9563cb5f61b509fb9a1b824303147a9a74f1c4e8a139886b9bfed81c27e0e911438681641a24

  • SSDEEP

    98304:hemTLkNdfE0pZaN56utgpPFotBER/mQ32lUO:w+156utgpPF8u/7O

Score
10/10

Malware Config

Signatures

  • Xmrig family
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-27_90fb243e4c987f40a62d3927a1779ba3_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-27_90fb243e4c987f40a62d3927a1779ba3_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1860 -s 72
      2⤵
        PID:3020

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1860-0-0x000000013FDB0000-0x00000001400FD000-memory.dmp

            Filesize

            3.3MB