Overview

overview

10

Static

static

10

2025-01-22...at.exe

windows7-x64

10

2025-01-22...at.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2025 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    d5a1e77e714790e36b0cbaf888987419

  • SHA1

    5afee231643d9e4cbeb33c544d66fbb66d251db7

  • SHA256

    6bd5a31ad1624df1cd70167c9c857fb77efa25acf92af434f2ec3ecfbcefe1e5

  • SHA512

    4cf6870bf18d12c528b1704987be1a369c7b417e0a50aecd366261c2fd5b515187b156892318df110ddf9d0bb56f5d2983e593a8e8633d2d06b2a217eab3b972

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUh:j+R56utgpPF8u/7h

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 1 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1712-1-0x00000000000F0000-0x0000000000100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1712-0-0x000000013F200000-0x000000013F54D000-memory.dmp

    Filesize

    3.3MB

    Download