Overview

overview

10

Static

static

10

2025-01-21...at.exe

windows7-x64

10

2025-01-21...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2025 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-21_cef4ed55fddb95f270b86e3e8ba5b27c_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    cef4ed55fddb95f270b86e3e8ba5b27c

  • SHA1

    243f16f71658eab6c123463e91cf2115ab1f6e50

  • SHA256

    c749887312f4e13a60e78c40e345b5b1b883d3c568455e78a364ec5911be7c88

  • SHA512

    2f068eced7d7bcf8425b977e241512215adff58f1834ae156e438e862fc4d190f8f98278ecb1ad9a068fb9f2d3386d7656262845d02687257b16688fb0270a5f

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUP:j+R56utgpPF8u/7P

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-21_cef4ed55fddb95f270b86e3e8ba5b27c_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-21_cef4ed55fddb95f270b86e3e8ba5b27c_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-1-0x0000000000080000-0x0000000000090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1720-0-0x000000013FC30000-0x000000013FF7D000-memory.dmp

    Filesize

    3.3MB

    Download