Overview

overview

10

Static

static

10

2024-12-18...at.exe

windows7-x64

10

2024-12-18...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-18_3195fb5fd97a43e45e828b380b0814a0_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    6.0MB

  • MD5

    3195fb5fd97a43e45e828b380b0814a0

  • SHA1

    aad662e9324e715ffeb061899e8d833927caf1e3

  • SHA256

    d9ba5e5316ab72fcf3e379e098f5356393452389c1811e873d8a882c23d55373

  • SHA512

    6ba7e885d9ff984aa5cea2a3564a3dd90a642c68f336860bbe5c05ee842543e32854dc9b7a10ccadf800d88a67240bc77175e22c57d9ce019b52077944a0e2cc

  • SSDEEP

    98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUj:eOl56utgpPF8u/7j

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-18_3195fb5fd97a43e45e828b380b0814a0_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-18_3195fb5fd97a43e45e828b380b0814a0_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
      PID:2380

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2380-0-0x00007FF7F2710000-0x00007FF7F2A64000-memory.dmp

      Filesize

      3.3MB

      Download