xmrig | fd93b2ad4fe7d789cbd26c84f657e8eea418cc3fc8631ad52b8a197d06387c87

General

Target

sqlservr.exe
Size

3.9MB
MD5

325d88ea2ee59fc0faec0cd4e6db494e
SHA1

63f2c5cbabd05e857c983741f4b9d71f7fbc6f69
SHA256

eef7b9db43f331b41bfdc87fa0517fbd76981a9b9574fe2ee45bcc1ca390e616
SHA512

6fdc79184bb209c1ec7e4a720fa6aed6a50a6dae2a6773d2c30c71be0eadbf2fb5dad6f906815a977a4081b239a06c4d087bcbb9b01a7aa8ffd8e4f0bb659cc2

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner Payload 3 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/680-82-0x000000013F2F0000-0x000000014064B000-memory.dmp	xmrig
behavioral1/memory/680-83-0x000000013F2F0000-0x000000014064B000-memory.dmp	xmrig
behavioral1/memory/680-84-0x000000013F2F0000-0x000000014064B000-memory.dmp	xmrig

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

sqlservr.exe

pid process

680 sqlservr.exe

pid	process
680	sqlservr.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1292	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1292	AUDIODG.EXE
Token: 33	1292	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1292	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\sqlservr.exe
"C:\Users\Admin\AppData\Local\Temp\sqlservr.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:680

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1292

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/680-55-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/680-56-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-57-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-58-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-59-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-61-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-62-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-60-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-63-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-64-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-65-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-66-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-67-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-68-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-69-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-70-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-71-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-72-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-73-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-74-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-75-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-76-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-77-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-78-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-80-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-79-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-81-0x0000000077460000-0x0000000077470000-memory.dmp

Filesize
64KB

Download
memory/680-82-0x000000013F2F0000-0x000000014064B000-memory.dmp

Filesize
19.4MB

Download
memory/680-83-0x000000013F2F0000-0x000000014064B000-memory.dmp

Filesize
19.4MB

Download
memory/680-84-0x000000013F2F0000-0x000000014064B000-memory.dmp

Filesize
19.4MB

Download
memory/680-85-0x00000000002D0000-0x00000000002E4000-memory.dmp

Filesize
80KB

Download
memory/836-86-0x000007FEFBD61000-0x000007FEFBD63000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads