Overview

overview

10

Static

static

10

2025-01-21...at.exe

windows7-x64

10

2025-01-21...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-01-2025 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    dae54506d86f44abf034f8f1d6e33673

  • SHA1

    3ad8b10c83c834ea99d31a5e81decc9a21e0c9d1

  • SHA256

    d3fbefe79c1c6df39949ae83f87b4b6319434ce3abfd7bedbccaf8e1e7c24090

  • SHA512

    c9a2d9e1940cfb20655b62680ae272c7c79e95c89773cfa9122a60275266dfeddde07732d2930d429deb530a98e502ae391d14f3a620bcdb1d0ed47ca352123e

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUS:j+R56utgpPF8u/7S

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-21_dae54506d86f44abf034f8f1d6e33673_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3164-1-0x0000027850C50000-0x0000027850C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3164-0-0x00007FF725880000-0x00007FF725BCD000-memory.dmp

    Filesize

    3.3MB

    Download