Analysis
-
max time kernel
4s -
max time network
1s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
14-12-2020 15:31
General
-
Target
8d7bdc325fc2dd786959563f31281bac.exe
-
Size
2.8MB
-
MD5
8d7bdc325fc2dd786959563f31281bac
-
SHA1
7ebe2fb4816ae23b4b109f0b3480eaee7c897064
-
SHA256
d27ed6a4c7651591caf908dbcf36893ab1bee72b50d589efdf197b7df56bc0e3
-
SHA512
8866b412d6802ec85765b92171f0d04e98f860e0109d47b8460558a4242caa69563d24adc1b79e37e20522d9c2393e681ca967082e5762d0d12a65d046fe9985
Score
10/10
Malware Config
Signatures
-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
FakeAV payload 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Sets file execution options in registry 2 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Drops file in System32 directory 6 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d7bdc325fc2dd786959563f31281bac.exe"C:\Users\Admin\AppData\Local\Temp\8d7bdc325fc2dd786959563f31281bac.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"3⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\lssmon.exe"C:\Windows\system32\lssmon.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"3⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
-
-
-
-
-
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"3⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
-
-
-
-
-
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"3⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 10603⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB