xmrig | 1ea18e898303ca5d1d924db90432e84a58c41f19a705330dffbccd212ec121a6

Analysis

max time kernel
93s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 06:47

Target

2024-12-22_5624662568b71f461835f32d9e20c3cb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5624662568b71f461835f32d9e20c3cb
SHA1

74f32af7c797bdfd30f0e816d783ca58e7397f0b
SHA256

1ea18e898303ca5d1d924db90432e84a58c41f19a705330dffbccd212ec121a6
SHA512

416500a7d4369da8d0ad83fdd0771a4ff2ebb6844c404e59a40878cca3a9090bf8fd148837ab46eb56d462927e79e8b9577900557dec76dbf6f689f1af0b6718
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUN:eOl56utgpPF8u/7N

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/3116-0-0x00007FF7660E0000-0x00007FF766434000-memory.dmp	xmrig
behavioral2/memory/3116-1-0x00007FF7660E0000-0x00007FF766434000-memory.dmp	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3116-0-0x00007FF7660E0000-0x00007FF766434000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2024-12-22_5624662568b71f461835f32d9e20c3cb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_5624662568b71f461835f32d9e20c3cb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
PID:3116

memory/3116-0-0x00007FF7660E0000-0x00007FF766434000-memory.dmp

Filesize
3.3MB

Download
memory/3116-1-0x00007FF7660E0000-0x00007FF766434000-memory.dmp

Filesize
3.3MB

Download