Analysis
max time kernel: 47s
max time network: 144s
platform: windows10_x64
resource: win10v20201028
submitted: 23-02-2021 10:18
Static task: static1
Behavioral task: behavioral1
Sample: cpu.exe
Resource: win7v20201028
0 signatures
0 seconds
General
Target: cpu.exe
Size: 6.6MB
MD5: e95f766a3748042efbf0f05d823f82b7
SHA1: fa4a29f9b95f4491e07eba54a677d52d8d061a19
SHA256: 1aef2fba4058ad80e4ae16dce0d2609e9f946ba9a4f2203891a26a92b3f6578c
SHA512: e4d61199b57ae189c2bef7adc661224cfb00e9d6b3526c07624911238aad2d81d9548b52db1c6dbbf4a0e3f766d57080d2414ca836e037f0bb39728d1f1af55c
Malware Config
Signatures
XMRig Miner Payload (1 IoCs)
resource: behavioral2/memory/1212-3-0x00007FF6CCB70000-0x00007FF6CDD28000-memory.dmp, yara_rule: xmrig
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: cpu.exe
description: Token: SeLockMemoryPrivilege, pid: 1212, process: cpu.exe
description: Token: SeLockMemoryPrivilege, pid: 1212, process: cpu.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1212-2-0x0000020ADD970000-0x0000020ADD984000-memory.dmp (Filesize: 80KB)
memory/1212-3-0x00007FF6CCB70000-0x00007FF6CDD28000-memory.dmp (Filesize: 17.7MB)
memory/1212-4-0x0000020ADD9A0000-0x0000020ADD9C0000-memory.dmp (Filesize: 128KB)
memory/1212-5-0x0000020ADD9E0000-0x0000020ADDA00000-memory.dmp (Filesize: 128KB)
memory/1212-6-0x0000020ADD9C0000-0x0000020ADD9E0000-memory.dmp (Filesize: 128KB)