Overview

overview

10

Static

static

LinkMiner.exe

windows7_x64

10

LinkMiner.exe

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    07-05-2021 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LinkMiner.exe

  • Size

    47KB

  • MD5

    252abb0504523f55a08c29bbe6460bcc

  • SHA1

    0ee2118397347c297e840f3a204a44179f924b3d

  • SHA256

    06381f7fd865363d44156b4308e09164804ad102d6e493239723b7d89ca30b44

  • SHA512

    32a66496236149a99e2bd4dfb165aee0dd1f7e076792ef4df0f2e8ba3c6f783189701faba3ebf0d730a3c9e91094f3fc240d8cd777f694c14336610f33d0aa4c

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner Payload 1 IoCs
    miner
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LinkMiner.exe
    "C:\Users\Admin\AppData\Local\Temp\LinkMiner.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Users\Admin\AppData\Roaming\reference\xmrig.exe
      "C:\Users\Admin\AppData\Roaming\reference\xmrig.exe" -o solo-xmr.2miners.com:4444 -a rx -k -u 48WRwJWbGu3FZGAqb3kjt1StxueCLVWnQaAUWby8PzBVWcCJ56qJpuFeze78WWCCYG9m76fwXUzGDhCcRbBBrQaF2guJojL.cpuminerAdmin --max-cpu-usage=30
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\reference\xmrig.exe
    MD5

    aa318a599fee3d322d6b5fa6d4b568de

    SHA1

    b2dff433338f5cf776741d3db7c03ed48c220a58

    SHA256

    9b324b9905c4e32ccf5cba0249ab82262173486f6382e170cbf2fafab1846fd9

    SHA512

    b2a9f03d30a0fea28b6fff811ecf443454eb782c71487926fca9c179d7352c4864c5b27fb9dfd3f34a3641cb65d25f8ab6c5d16f2856033fe88c90a2ef44c3e0

    Download Submit
  • memory/808-114-0x00000212D5D50000-0x00000212D5D51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/808-116-0x00000212D6040000-0x00000212D6041000-memory.dmp
    Filesize

    4KB

    Download
  • memory/808-117-0x00000212F0320000-0x00000212F0322000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3976-118-0x0000000000000000-mapping.dmp
    Download
  • memory/3976-120-0x0000000000180000-0x0000000000194000-memory.dmp
    Filesize

    80KB

    Download
  • memory/3976-121-0x00000000001D0000-0x00000000001F0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/3976-122-0x00000000011C0000-0x00000000011E0000-memory.dmp
    Filesize

    128KB

    Download