Analysis
-
max time kernel
112s -
max time network
38s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
15-05-2021 17:35
General
-
Target
97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad.exe
-
Size
37KB
-
MD5
0118eca1bcce8ff65be0d9b268bd61b1
-
SHA1
263593ca8fe50a540167abc243fff5303ae9bc29
-
SHA256
97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad
-
SHA512
d02fdbfea77fb300e5f1f104e37277ae673e015e9242f69a1fab17fa0a582a9d59952a93d4f23f20b2fc69f96246bcdef2965921b9f2a757d225a2baf326fb0e
Score
10/10
Malware Config
Signatures
-
Gink
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 3 IoCs
-
Drops file in Windows directory 2 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad.exe"C:\Users\Admin\AppData\Local\Temp\97d9ea2ae1341183f353bd6c1c92573cca331586a1b2ea32244484b891e0f7ad.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 1762⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
-
Filesize
4KB