Analysis

max time kernel: 136s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2024 08:20

Behavioral task: behavioral1
Sample: 2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240220-en
5 signatures
150 seconds
General

Target: 2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: 7fb30f841921ce769c19a429a6d8ce32
SHA1: 7d4805f0f91c0de832bcb65295e223319d7d9ba6
SHA256: 22306f97acc1b070e2f78d4b6f8e8564462d80785874e61f023fd550a4b19dae
SHA512: 5c34d45590b3be7b5dc692c9682ca756d2472ba54a5b7f3d24b790516674e0facf25da342d1796f8f7fdf85b2d7ba8b60418d6be6fe6087945a0281a9c8bd04b
SSDEEP: 98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUM:Q+856utgpPF8u/7M
Malware Config
Signatures

UPX dump on OEP (original entry point) (2 IoCs)
Processes:
  resource                                                                      yara_rule
  behavioral2/memory/4156-0-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    UPX
  behavioral2/memory/4156-2-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    UPX

XMRig Miner payload (2 IoCs)
Processes:
  resource                                                                      yara_rule
  behavioral2/memory/4156-0-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    xmrig
  behavioral2/memory/4156-2-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    xmrig

Processes:
  resource                                                                      yara_rule
  behavioral2/memory/4156-0-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    upx
  behavioral2/memory/4156-2-0x00007FF6EAF90000-0x00007FF6EB2E4000-memory.dmp    upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
  description                   pid   process
  Token: SeLockMemoryPrivilege  4156  2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe
  Token: SeLockMemoryPrivilege  4156  2024-06-24_7fb30f841921ce769c19a429a6d8ce32_cobalt-strike_cobaltstrike_poet-rat.exe