xmrig | ea97137ea1a041c3c00da972b49da8e709b2e66470fbbfd00387745d0e29b365 | Triage

Submit
Reports

Overview

overview

Static

static

4KK7.exe

windows7_x64

4KK7.exe

windows10_x64

Sharing

General

Target

4KK7.exe
Size

783KB
Sample

210703-bwq12slan2
MD5

3ff0a091552052c3644fc29cb73526b5
SHA1

1c1b9a015ce7e4d4ec6bd37c85d172d6873a195e
SHA256

ea97137ea1a041c3c00da972b49da8e709b2e66470fbbfd00387745d0e29b365
SHA512

e0abcda86ae6d7025a9bf8ceee39c1431465db7788fbf6f286d0f504183f53d94da3594e7965ff719b2a7cad2349ebbf791f8345f3730f8cfdb7c6f1981e942a

Score

10^/10

xmrig miner persistence ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

4KK7.exe

Resource

win7v20210410

xmrig miner persistence ransomware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4KK7.exe

Resource

win10v20210408

xmrig miner persistence ransomware upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4KK7.exe
- Size
  
  783KB
- MD5
  
  3ff0a091552052c3644fc29cb73526b5
- SHA1
  
  1c1b9a015ce7e4d4ec6bd37c85d172d6873a195e
- SHA256
  
  ea97137ea1a041c3c00da972b49da8e709b2e66470fbbfd00387745d0e29b365
- SHA512
  
  e0abcda86ae6d7025a9bf8ceee39c1431465db7788fbf6f286d0f504183f53d94da3594e7965ff719b2a7cad2349ebbf791f8345f3730f8cfdb7c6f1981e942a
Score

10^/10

xmrig miner persistence ransomware upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerpersistenceransomwareupx

behavioral2

xmrigminerpersistenceransomwareupx

© 2018-2024

Terms | Privacy