Analysis
max time kernel: 6s
max time network: 149s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 10:18
Static task: static1
Behavioral task: behavioral1
Sample: cpu.exe
Resource: win7v20201028 windows7_x64
0 signatures
0 seconds
General
Target: cpu.exe
Size: 6.6MB
MD5: e95f766a3748042efbf0f05d823f82b7
SHA1: fa4a29f9b95f4491e07eba54a677d52d8d061a19
SHA256: 1aef2fba4058ad80e4ae16dce0d2609e9f946ba9a4f2203891a26a92b3f6578c
SHA512: e4d61199b57ae189c2bef7adc661224cfb00e9d6b3526c07624911238aad2d81d9548b52db1c6dbbf4a0e3f766d57080d2414ca836e037f0bb39728d1f1af55c
Malware Config
Signatures
XMRig Miner Payload (1 IoCs)
resource: behavioral1/memory/1740-3-0x000000013FC40000-0x0000000140DF8000-memory.dmp
yara_rule: xmrig

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: cpu.exe
description                     pid   process
Token: SeLockMemoryPrivilege    1740  cpu.exe
Token: SeLockMemoryPrivilege    1740  cpu.exe
Downloads
memory/1740-2-0x00000000000F0000-0x0000000000104000-memory.dmp  Filesize: 80KB
memory/1740-3-0x000000013FC40000-0x0000000140DF8000-memory.dmp  Filesize: 17.7MB
memory/1740-4-0x0000000000370000-0x0000000000390000-memory.dmp  Filesize: 128KB
memory/1740-5-0x0000000000390000-0x00000000003B0000-memory.dmp  Filesize: 128KB