xmrig | 6bd5a31ad1624df1cd70167c9c857fb77efa25acf92af434f2ec3ecfbcefe1e5

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 13:49

Target

2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

d5a1e77e714790e36b0cbaf888987419
SHA1

5afee231643d9e4cbeb33c544d66fbb66d251db7
SHA256

6bd5a31ad1624df1cd70167c9c857fb77efa25acf92af434f2ec3ecfbcefe1e5
SHA512

4cf6870bf18d12c528b1704987be1a369c7b417e0a50aecd366261c2fd5b515187b156892318df110ddf9d0bb56f5d2983e593a8e8633d2d06b2a217eab3b972
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUh:j+R56utgpPF8u/7h

Score

10^/10

xmrig miner

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/memory/4864-0-0x00007FF7B09C0000-0x00007FF7B0D0D000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4864	2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	4864	2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe

C:\Users\Admin\AppData\Local\Temp\2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_d5a1e77e714790e36b0cbaf888987419_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

memory/4864-1-0x00000199A9830000-0x00000199A9840000-memory.dmp

Filesize
64KB

Download
memory/4864-0-0x00007FF7B09C0000-0x00007FF7B0D0D000-memory.dmp

Filesize
3.3MB

Download