Analysis

  • max time kernel
    6s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    23-02-2021 10:18

General

  • Target

    cpu.exe

  • Size

    6.6MB

  • MD5

    e95f766a3748042efbf0f05d823f82b7

  • SHA1

    fa4a29f9b95f4491e07eba54a677d52d8d061a19

  • SHA256

    1aef2fba4058ad80e4ae16dce0d2609e9f946ba9a4f2203891a26a92b3f6578c

  • SHA512

    e4d61199b57ae189c2bef7adc661224cfb00e9d6b3526c07624911238aad2d81d9548b52db1c6dbbf4a0e3f766d57080d2414ca836e037f0bb39728d1f1af55c

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner Payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cpu.exe
    "C:\Users\Admin\AppData\Local\Temp\cpu.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-2-0x00000000000F0000-0x0000000000104000-memory.dmp
    Filesize

    80KB

  • memory/1740-3-0x000000013FC40000-0x0000000140DF8000-memory.dmp
    Filesize

    17.7MB

  • memory/1740-4-0x0000000000370000-0x0000000000390000-memory.dmp
    Filesize

    128KB

  • memory/1740-5-0x0000000000390000-0x00000000003B0000-memory.dmp
    Filesize

    128KB