Analysis
-
max time kernel
128s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
02-07-2024 07:45
General
-
Target
2024-07-02_33fe9480e06bd6fff4f99eb1854159df_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
6.0MB
-
MD5
33fe9480e06bd6fff4f99eb1854159df
-
SHA1
741cd0c5b5af1209af70548c41d4603826aac597
-
SHA256
e6c1f72a95b8e0b6ccd2f2fe1b0c69a1c2855eb459e06cbfeb6c6d7ffd6f7139
-
SHA512
4ba2010434a57f6655581fd399fe95a0c209a3444b925f469e07e4abe2b6d9f2640e59a997f14f569e26ad676ca8097f34b59bdbdb0510a1191156472292ba00
-
SSDEEP
98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU/:eOl56utgpPF8u/7/
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 1 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-02_33fe9480e06bd6fff4f99eb1854159df_cobalt-strike_cobaltstrike_poet-rat.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-02_33fe9480e06bd6fff4f99eb1854159df_cobalt-strike_cobaltstrike_poet-rat.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=1424 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4136-0-0x00007FF6E5330000-0x00007FF6E5684000-memory.dmpFilesize
3.3MB