xmrig | 66f209a9972c6e1a88e572697425a936a5dc028b2d8bc29fddaca98ff25434b4 | Triage

Analysis

max time kernel
6s
max time network
149s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 10:18

Sharing

Report Analysis Logs

General

Target

cpu.exe
Size

6.6MB
MD5

e95f766a3748042efbf0f05d823f82b7
SHA1

fa4a29f9b95f4491e07eba54a677d52d8d061a19
SHA256

1aef2fba4058ad80e4ae16dce0d2609e9f946ba9a4f2203891a26a92b3f6578c
SHA512

e4d61199b57ae189c2bef7adc661224cfb00e9d6b3526c07624911238aad2d81d9548b52db1c6dbbf4a0e3f766d57080d2414ca836e037f0bb39728d1f1af55c

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1740-3-0x000000013FC40000-0x0000000140DF8000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

cpu.exe

description pid process

Token: SeLockMemoryPrivilege 1740 cpu.exe
Token: SeLockMemoryPrivilege 1740 cpu.exe

C:\Users\Admin\AppData\Local\Temp\cpu.exe
"C:\Users\Admin\AppData\Local\Temp\cpu.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-2-0x00000000000F0000-0x0000000000104000-memory.dmp

Filesize
80KB

Download
memory/1740-3-0x000000013FC40000-0x0000000140DF8000-memory.dmp

Filesize
17.7MB

Download
memory/1740-4-0x0000000000370000-0x0000000000390000-memory.dmp

Filesize
128KB

Download
memory/1740-5-0x0000000000390000-0x00000000003B0000-memory.dmp

Filesize
128KB

Download