Analysis
-
max time kernel
136s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
24-06-2024 08:20
General
-
Target
2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
5.9MB
-
MD5
7fb30f841921ce769c19a429a6d8ce32
-
SHA1
7d4805f0f91c0de832bcb65295e223319d7d9ba6
-
SHA256
22306f97acc1b070e2f78d4b6f8e8564462d80785874e61f023fd550a4b19dae
-
SHA512
5c34d45590b3be7b5dc692c9682ca756d2472ba54a5b7f3d24b790516674e0facf25da342d1796f8f7fdf85b2d7ba8b60418d6be6fe6087945a0281a9c8bd04b
-
SSDEEP
98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
UPX dump on OEP (original entry point) 2 IoCs
-
XMRig Miner payload 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4156-0-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmpFilesize
3.3MB
-
memory/4156-1-0x000001D0C8AF0000-0x000001D0C8B00000-memory.dmpFilesize
64KB
-
memory/4156-2-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmpFilesize
3.3MB