Analysis

  • max time kernel
    132s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/01/2025, 01:47

General

  • Target

    2025-01-26_657cd040f0a8b5c9d503c35c8ea2707c_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    657cd040f0a8b5c9d503c35c8ea2707c

  • SHA1

    6e73e8af1f76b055545a2bccc32cb3b3368c5239

  • SHA256

    2a8ac8b66e1b5232d5f194e9332d8f8c84c3914d38b9cd571c9d292fb9d44978

  • SHA512

    28af56e20efbd0e437850887589e4e4db108f248c4654b3208ec115f54bf3ce95cdf6878a10d70c9bbdac4e0fa578748aeedecc0f634b5a17055f6d4de6df884

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUt:j+R56utgpPF8u/7t

Score
10/10

Malware Config

Signatures

  • Xmrig family
  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • XMRig Miner payload (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-26_657cd040f0a8b5c9d503c35c8ea2707c_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-26_657cd040f0a8b5c9d503c35c8ea2707c_cobalt-strike_cobaltstrike_poet-rat.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2124

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2124-0-0x000000013F760000-0x000000013FAAD000-memory.dmp

    Filesize

    3.3MB

  • memory/2124-1-0x0000000000100000-0x0000000000110000-memory.dmp

    Filesize

    64KB
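The two memory dumps above are the artifacts a practitioner actually pulls from this report: the "XMRig Miner payload" signature fired on process memory, so the dumps are where the miner strings and the pool address would be found. The script below is an added example, not code from the sandbox or from this report. It does two things: it recovers PID and address range from the dump filenames (the `memory/<pid>-<index>-<start>-<end>-memory.dmp` convention is inferred from the two names listed here) and checks that the range agrees with the printed Filesize, then it scans dump bytes for a small, assumed set of XMRig indicators (the binary name, the `--donate-level` option, and `stratum+tcp://` / `stratum+ssl://` pool URL schemes) and extracts pool URLs. The dump contents it scans are constructed inline so it runs offline; they are not the contents of the real `memory/2124-0-...` file.

```python
import re
from dataclasses import dataclass

# Naming convention of the dumps listed under "Downloads" (inferred from the two names):
#   memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp   (hex addresses, end exclusive)
DUMP_NAME_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Sizes as printed in the report, keyed by dump name (copied from the Downloads section).
REPORTED_SIZES = {
    "memory/2124-0-0x000000013F760000-0x000000013FAAD000-memory.dmp": "3.3MB",
    "memory/2124-1-0x0000000000100000-0x0000000000110000-memory.dmp": "64KB",
}

# Strings present in stock XMRig builds: the binary's own name, a command-line option it
# accepts, and the stratum URL schemes used for pool addresses. This is an assumed, minimal
# indicator set for triage, not the sandbox's own signature.
XMRIG_INDICATORS = [b"xmrig", b"--donate-level", b"stratum+tcp://", b"stratum+ssl://"]
POOL_URL_RE = re.compile(rb"stratum\+(?:tcp|ssl)://[A-Za-z0-9.\-]+:\d{1,5}")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Recover PID and virtual address range from a sandbox dump filename."""
    m = DUMP_NAME_RE.search(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    return DumpRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def human_size(n: int) -> str:
    """Format a byte count the way the report does: whole KB below 1 MiB, else one-decimal MB."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_reported_sizes(reported: dict) -> dict:
    """True for each dump whose address range agrees with the size printed in the report."""
    return {name: human_size(parse_dump_name(name).size) == size for name, size in reported.items()}


def scan_for_miner_strings(data: bytes, indicators=XMRIG_INDICATORS) -> dict:
    """Case-insensitive search; returns {indicator: first offset} for every indicator present."""
    lowered = data.lower()
    hits = {}
    for ind in indicators:
        off = lowered.find(ind.lower())
        if off != -1:
            hits[ind.decode()] = off
    return hits


def extract_pool_urls(data: bytes) -> list:
    """Pull stratum pool URLs (the network IOC that matters for a miner) out of dump bytes."""
    return sorted({m.decode() for m in POOL_URL_RE.findall(data)})


# Constructed stand-in for dump contents so the script runs offline. It is NOT the contents
# of the real memory/2124-0-... file; the pool host uses the reserved .invalid TLD.
SAMPLE_DUMP = (
    b"MZ" + b"\x00" * 62
    + b"stratum+tcp://pool.example.invalid:3333\x00"
    + b"--donate-level\x00"
    + b"XMRig\x00"
    + b"\x00" * 128
)


def triage(name: str, data: bytes) -> dict:
    """Combine both checks for one dump: region metadata, miner strings, pool URLs."""
    region = parse_dump_name(name)
    return {
        "pid": region.pid,
        "size": human_size(region.size),
        "indicators": scan_for_miner_strings(data),
        "pools": extract_pool_urls(data),
    }


if __name__ == "__main__":
    for name, ok in check_reported_sizes(REPORTED_SIZES).items():
        print(f"{'ok ' if ok else 'BAD'} {name}")
    print(triage("memory/2124-0-0x000000013F760000-0x000000013FAAD000-memory.dmp", SAMPLE_DUMP))
```

Against a real dump, replace `SAMPLE_DUMP` with the file contents (`open(path, "rb").read()`); both listed ranges check out against the printed sizes (0x34D000 bytes is 3.3MB, 0x10000 bytes is 64KB), so the filenames can be trusted as region metadata when the dumps are loaded into a disassembler at their original base.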