General
Target: e6fca45846eca.exe
Size: 2.6MB
Sample: 220422-rdtlrshcer
MD5: af779aace69c5fcb64cb85edf9876a72
SHA1: 099992ba6887db6b6b34947926b1d695a4258ef3
SHA256: e6fca45846eca1bcaedded82438aa64968717c4f0dab149c32c5db6d08210f39
SHA512: 3e3072e24b10a42a80832b625f2734ddc410a69bab10eca4825c03645aa7387963cda304fdec0df1b567312b0fba3a385cac0d9c41f53665ff7d0f6f11f0cb14
Static task: static1
Behavioral task: behavioral1
Sample: e6fca45846eca.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: e6fca45846eca.exe
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner Payload
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of SetThreadContext