a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12

General

Target

a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe
Size

238KB
MD5

ed89e2d85bae0457a01ca6c1b36b35f1
SHA1

b315fe8dc74162093a49d1b9bba06707c4493464
SHA256

a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12
SHA512

7460f60618b55c0423d60943ec2a9675a5d492a0e7c0456e0447271606d7d64ec1dda2c1601fcfb679596767f4c521a21d74c34e0d3edb80013e38a208e39f68

Score

8^/10

miner

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

ActivateDesktop.exe

pid process

1984 ActivateDesktop.exe
Cryptocurrency Miner
Makes network request to known mining pool URL.
miner

pid	process
1984	ActivateDesktop.exe

Loads dropped DLL 2 IoCs

Processes:

a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe

pid	process
940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe
940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exeActivateDesktop.exe

pid process

940 a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe
1984 ActivateDesktop.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe

description	pid	process	target process
PID 940 wrote to memory of 1984	940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe	ActivateDesktop.exe
PID 940 wrote to memory of 1984	940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe	ActivateDesktop.exe
PID 940 wrote to memory of 1984	940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe	ActivateDesktop.exe
PID 940 wrote to memory of 1984	940	a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe	ActivateDesktop.exe

C:\Users\Admin\AppData\Local\Temp\a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe
"C:\Users\Admin\AppData\Local\Temp\a88c39509b790633f2f9a5dc95ffa602339d330b3345714617e5647319f46a12.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:940

C:\.Trash-100\ActivateDesktop.exe
C:\.Trash-100\ActivateDesktop.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\.Trash-100\ActivateDesktop.exe
MD5
a658501bc743f5ebc6f6117195d383db

SHA1
c4dc83836ddf94513f4a4cec65e0ebbdaddedc2e

SHA256
80199aa8b15bc3cae01824cce0f6f81a67b63a54906b430db780420cbc62ed6f

SHA512
a1cc2514119fdd721168f374b3f131b58f65c79906a8d010915c5a7360987bb7f767f5dc6bd27f8dcff44aafaaaad1d3548964ed68155085cdfd6d92dee736c3

Download Submit
C:\.Trash-100\db\framework_exe
MD5
665009c6d258a06e710ff8c7810f4697

SHA1
abf7abc9bae75e5323a12b1d58336dfe0fd58e22

SHA256
98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

SHA512
a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

Download Submit
C:\.Trash-100\db\version
MD5
d33f67c5652acb3fac99b9dc16bea0c1

SHA1
456ecc26a705746349aaee35b187f91a3fa088fc

SHA256
d49308d2181e81230a9badbdae5b3e5065c3427fb5e3276e0e9b5287a9a623a4

SHA512
49f94b370cc9cb59ab168666e18f58dcb6d6f5b801379e28c7c16d016e2afa53e144aba2eb5884d9868c9e918e439bf522888b9ee70accc3dd019dad9e748c96

Download Submit
\.Trash-100\ActivateDesktop.exe
MD5
a658501bc743f5ebc6f6117195d383db

SHA1
c4dc83836ddf94513f4a4cec65e0ebbdaddedc2e

SHA256
80199aa8b15bc3cae01824cce0f6f81a67b63a54906b430db780420cbc62ed6f

SHA512
a1cc2514119fdd721168f374b3f131b58f65c79906a8d010915c5a7360987bb7f767f5dc6bd27f8dcff44aafaaaad1d3548964ed68155085cdfd6d92dee736c3

Download Submit
\.Trash-100\ActivateDesktop.exe
MD5
a658501bc743f5ebc6f6117195d383db

SHA1
c4dc83836ddf94513f4a4cec65e0ebbdaddedc2e

SHA256
80199aa8b15bc3cae01824cce0f6f81a67b63a54906b430db780420cbc62ed6f

SHA512
a1cc2514119fdd721168f374b3f131b58f65c79906a8d010915c5a7360987bb7f767f5dc6bd27f8dcff44aafaaaad1d3548964ed68155085cdfd6d92dee736c3

Download Submit
memory/1984-61-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing