Overview

overview

10

Static

static

10

2025-01-21...at.exe

windows7-x64

10

2025-01-21...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/01/2025, 23:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    dae54506d86f44abf034f8f1d6e33673

  • SHA1

    3ad8b10c83c834ea99d31a5e81decc9a21e0c9d1

  • SHA256

    d3fbefe79c1c6df39949ae83f87b4b6319434ce3abfd7bedbccaf8e1e7c24090

  • SHA512

    c9a2d9e1940cfb20655b62680ae272c7c79e95c89773cfa9122a60275266dfeddde07732d2930d429deb530a98e502ae391d14f3a620bcdb1d0ed47ca352123e

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUS:j+R56utgpPF8u/7S

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1920

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1920-1-0x00000000000F0000-0x0000000000100000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1920-0-0x000000013FA80000-0x000000013FDCD000-memory.dmp

          Filesize

          3.3MB

          Download