Analysis

max time kernel: 132s
max time network: 146s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 24-06-2024 09:01

Behavioral task: behavioral1
Sample: 2024-06-24_9b74fbe3315030749197fd69fa0188e6_cobalt-strike_cobaltstrike_poet-rat.exe
Resource: win7-20240508-en
4 signatures
150 seconds
General

Target: 2024-06-24_9b74fbe3315030749197fd69fa0188e6_cobalt-strike_cobaltstrike_poet-rat.exe
Size: 5.9MB
MD5: 9b74fbe3315030749197fd69fa0188e6
SHA1: ea9c972eb49e8327b4460fb693c8f63d4aa5389c
SHA256: 73e2c1ec1c1567c3e8423c2c3f8423cad31230616f424fb6a7ea23d0cb13879e
SHA512: e49ce0e95841a56a89d228e07a4e8329edcd31027fa3ed6a966936f618719e0ae9312e368ecdeb4b713447726f68ff666bc50c2697de403a3a05607c7c9dee66
SSDEEP: 98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUJ:Q+856utgpPF8u/7J
Malware Config

Signatures

XMRig Miner payload (2 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/1084-0-0x000000013F860000-0x000000013FBB4000-memory.dmp | xmrig
behavioral1/memory/1084-2-0x000000013F860000-0x000000013FBB4000-memory.dmp | xmrig

Processes:
resource | yara_rule
behavioral1/memory/1084-0-0x000000013F860000-0x000000013FBB4000-memory.dmp | upx
behavioral1/memory/1084-2-0x000000013F860000-0x000000013FBB4000-memory.dmp | upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description | pid | process
Token: SeLockMemoryPrivilege | 1084 | 2024-06-24_9b74fbe3315030749197fd69fa0188e6_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege | 1084 | 2024-06-24_9b74fbe3315030749197fd69fa0188e6_cobalt-strike_cobaltstrike_poet-rat.exe