Overview

overview

10

Static

static

10

2025-01-21...at.exe

windows7-x64

10

2025-01-21...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2025 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-21_7334a2460f320d5000274470eef01f7c_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    7334a2460f320d5000274470eef01f7c

  • SHA1

    b1ad6140ad7871f66d46f7e7090f80c5e6f7925b

  • SHA256

    e3e6bcba678b6a52d6405de19e92af51b9bbcc274f0c276333eec42b51324fe6

  • SHA512

    2e129250f94250189d5070fc535dd421a64794fe4721513f0c198093ffe3ee5481bcdceecc29d227cb2a721adee523a56338cb9bde514cb4498c7e4875039cad

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUn:j+R56utgpPF8u/7n

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-21_7334a2460f320d5000274470eef01f7c_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-21_7334a2460f320d5000274470eef01f7c_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-0-0x000000013FF90000-0x00000001402DD000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1720-1-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download