Overview

overview

10

Static

static

10

2025-01-22...at.exe

windows7-x64

10

2025-01-22...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2025 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-22_84e63e632c4bc8484a7c0d0a6aeb54e8_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    84e63e632c4bc8484a7c0d0a6aeb54e8

  • SHA1

    0b8ac6d3d7e1202dd61466308b8f13b06591e8d1

  • SHA256

    f555f87aaa334f6142f58005187ab7cea4a5be04bb22b67300cad9f476b0794b

  • SHA512

    57bc38be193e1565171fa576c59f214cae37b36bdf095c64c7c9971919480adef7a6a6d2e56419103755bd4acf63faa86d9442bbc990a47e655fd420aa956507

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU0:j+R56utgpPF8u/70

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-22_84e63e632c4bc8484a7c0d0a6aeb54e8_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-22_84e63e632c4bc8484a7c0d0a6aeb54e8_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2360-1-0x00000000000F0000-0x0000000000100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2360-0-0x000000013FA30000-0x000000013FD7D000-memory.dmp

    Filesize

    3.3MB

    Download