xmrig | a4876532de95bf0106b96408fb2a01cf4e4fd531f1884ac422ea4ac8536d087c

Analysis

max time kernel
94s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 01:11

Target

2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

be7c3483c0ae91eff9ac205611255f92
SHA1

1df3d53ad4c870e9f04ed95b6eeb2fd775b14803
SHA256

a4876532de95bf0106b96408fb2a01cf4e4fd531f1884ac422ea4ac8536d087c
SHA512

fd9a152f4acff3fa8b30c66db3f99c11ca069b81809f96c095aba1c5e9e4ae60a2362d69ae56134a8f695e0ae35f40006b68215a48a7107a83a468250f67662e
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUu:eOl56utgpPF8u/7u

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/memory/1936-0-0x00007FF6FBA20000-0x00007FF6FBD74000-memory.dmp	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1936-0-0x00007FF6FBA20000-0x00007FF6FBD74000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
PID:1936

memory/1936-0-0x00007FF6FBA20000-0x00007FF6FBD74000-memory.dmp

Filesize
3.3MB

Download