Analysis
max time kernel: 132s
max time network: 142s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 24-06-2024 08:20
Behavioral task: behavioral1
Sample: 2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240220-en (windows7-x64)
5 signatures
150 seconds
General
Target: 2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: 7fb30f841921ce769c19a429a6d8ce32
SHA1: 7d4805f0f91c0de832bcb65295e223319d7d9ba6
SHA256: 22306f97acc1b070e2f78d4b6f8e8564462d80785874e61f023fd550a4b19dae
SHA512: 5c34d45590b3be7b5dc692c9682ca756d2472ba54a5b7f3d24b790516674e0facf25da342d1796f8f7fdf85b2d7ba8b60418d6be6fe6087945a0281a9c8bd04b
SSDEEP: 98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 2 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp   UPX
behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp   UPX
XMRig Miner payload 2 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp   xmrig
behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp   xmrig
UPX (yara rule upx) 2 IoCs
Processes:
resource                                                                     yara_rule
behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp   upx
behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp   upx
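The three memory-dump signatures above (UPX dump on OEP, XMRig Miner payload, and the upx rule) all point at the same dumped region of pid 2872, taken twice (dump index 0 and 2). The helper below is an added example, not code from the sandbox vendor or from the sample: it parses dump resource names of the form shown on this page (task/memory/pid-index-0xstart-0xend-memory.dmp, an assumption about the naming scheme taken from these lines), computes the region size, and collapses the rule hits by region so a triage script can see at a glance that the OEP dump matched both the packer rule and the xmrig rule. The (resource, yara_rule) pairs are copied from the report; everything else is illustrative.

```python
"""Parse sandbox memory-dump IoC names and group YARA hits by dumped region.

Added example, not part of the sandbox report. Dump names and rule names are
copied from the report above; the name layout the regex assumes
(task/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp) is inferred from them.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Return task, pid, dump index, start/end address and size for one dump name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump resource name: {name!r}")
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "index": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


# (resource, yara_rule) pairs exactly as listed in the report on this page
REPORT_HITS = [
    ("behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "UPX"),
    ("behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "UPX"),
    ("behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "xmrig"),
    ("behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "xmrig"),
    ("behavioral1/memory/2872-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "upx"),
    ("behavioral1/memory/2872-2-0x000000013FC50000-0x000000013FFA4000-memory.dmp", "upx"),
]


def summarise(hits):
    """Group rule hits by (pid, start, end).

    Repeated dumps of the same region collapse into one entry, so the result
    tells you which distinct regions matched and which rules fired on each.
    Returns {(pid, start, end): {"dumps": {indices}, "rules": {rule names}}}.
    """
    regions = defaultdict(lambda: {"dumps": set(), "rules": set()})
    for name, rule in hits:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        regions[key]["dumps"].add(d["index"])
        regions[key]["rules"].add(rule)
    return dict(regions)


if __name__ == "__main__":
    for (pid, start, end), info in summarise(REPORT_HITS).items():
        print(f"pid {pid}: 0x{start:X}-0x{end:X} ({end - start} bytes) "
              f"dumps={sorted(info['dumps'])} rules={sorted(info['rules'])}")
```

Run it on a report's IoC table and each line is one distinct dumped region; here that is a single 0x354000-byte region at a base above 4 GB (consistent with an x64 image), hit by all three rules.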
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description                    pid    process
Token: SeLockMemoryPrivilege   2872   2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege   2872   2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
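The sandbox signature above records the sample enabling SeLockMemoryPrivilege on its own token, the right needed to allocate large pages, which is what a miner does to speed up its memory-hard hashing. The sandbox saw it through API monitoring on a Windows 7 image; on an endpoint running Windows 10 / Server 2016 or later the same action shows up as Security event 4703 ("A user right was adjusted", Audit Authorization Policy Change subcategory). The detection below is an added example, not part of the report: it scans 4703-style records for processes that enable the privilege and skips an allow-list of images that legitimately do so (sqlservr.exe with "Lock pages in memory" is the usual one; that allow-list is an assumption to tune). The records are constructed, and the field names (EnabledPrivilegeList, ProcessName, ProcessId) follow the event's EventData names as an assumption to check against your own forwarder's schema.

```python
"""Flag processes that enable SeLockMemoryPrivilege in Windows event 4703 records.

Added example, not part of the sandbox report. The EVENTS list is constructed;
the field names assume 4703's EventData layout (verify against your log schema).
"""
import re
from pathlib import PureWindowsPath

WATCHED_PRIVILEGES = {"SeLockMemoryPrivilege"}

# Assumed allow-list: SQL Server enables SeLockMemoryPrivilege when granted
# "Lock pages in memory". Extend for your own environment.
ALLOWED_IMAGES = {"sqlservr.exe"}

# Constructed 4703-style records. ProcessId is hex in the event; 0xb38 == 2872,
# the pid from the sandbox report, and the image name is the report's sample name.
EVENTS = [
    {"EventID": 4703,
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe",
     "ProcessId": "0xb38",
     "EnabledPrivilegeList": "SeLockMemoryPrivilege",
     "DisabledPrivilegeList": "-"},
    {"EventID": 4703,
     "ProcessName": r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe",
     "ProcessId": "0x7d0",
     "EnabledPrivilegeList": "SeLockMemoryPrivilege",
     "DisabledPrivilegeList": "-"},
    {"EventID": 4703,
     "ProcessName": r"C:\Windows\System32\svchost.exe",
     "ProcessId": "0x3a4",
     "EnabledPrivilegeList": "SeShutdownPrivilege",
     "DisabledPrivilegeList": "-"},
    {"EventID": 4703,
     "ProcessName": r"C:\Windows\explorer.exe",
     "ProcessId": "0x5c8",
     "EnabledPrivilegeList": "-",
     "DisabledPrivilegeList": "SeLockMemoryPrivilege"},  # disabling, not enabling
]


def parse_privileges(field):
    """4703 privilege lists are whitespace-separated; '-' means none."""
    if not field or field.strip() == "-":
        return set()
    return set(re.split(r"[\s,]+", field.strip()))


def flag_lock_memory(events):
    """Return one hit per non-allow-listed process that enables a watched privilege."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4703:
            continue
        enabled = parse_privileges(ev.get("EnabledPrivilegeList", "-"))
        watched = enabled & WATCHED_PRIVILEGES
        if not watched:
            continue
        image = PureWindowsPath(ev.get("ProcessName", "")).name.lower()
        if image in ALLOWED_IMAGES:
            continue
        hits.append({
            "pid": int(ev["ProcessId"], 16),
            "image": image,
            "path": ev.get("ProcessName", ""),
            "privileges": sorted(watched),
        })
    return hits


if __name__ == "__main__":
    for hit in flag_lock_memory(EVENTS):
        print(f"pid {hit['pid']} {hit['path']} enabled {', '.join(hit['privileges'])}")
```

4703 is noisy (service hosts adjust rights constantly), so the filter keys on the privilege list rather than the event alone; a process outside the allow-list that turns on SeLockMemoryPrivilege, especially one running from a user-writable directory, is worth pulling the memory dump for.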