xmrig | e6fca45846eca1bcaedded82438aa64968717c4f0dab149c32c5db6d08210f39 | Triage

Submit
Reports

Overview

overview

Static

static

e6fca45846eca.exe

windows7_x64

e6fca45846eca.exe

windows10-2004_x64

Sharing

General

Target

e6fca45846eca.exe
Size

2.6MB
Sample

220422-rdtlrshcer
MD5

af779aace69c5fcb64cb85edf9876a72
SHA1

099992ba6887db6b6b34947926b1d695a4258ef3
SHA256

e6fca45846eca1bcaedded82438aa64968717c4f0dab149c32c5db6d08210f39
SHA512

3e3072e24b10a42a80832b625f2734ddc410a69bab10eca4825c03645aa7387963cda304fdec0df1b567312b0fba3a385cac0d9c41f53665ff7d0f6f11f0cb14

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

e6fca45846eca.exe

Resource

win7-20220414-en

discovery evasion exploit

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e6fca45846eca.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e6fca45846eca.exe
- Size
  
  2.6MB
- MD5
  
  af779aace69c5fcb64cb85edf9876a72
- SHA1
  
  099992ba6887db6b6b34947926b1d695a4258ef3
- SHA256
  
  e6fca45846eca1bcaedded82438aa64968717c4f0dab149c32c5db6d08210f39
- SHA512
  
  3e3072e24b10a42a80832b625f2734ddc410a69bab10eca4825c03645aa7387963cda304fdec0df1b567312b0fba3a385cac0d9c41f53665ff7d0f6f11f0cb14
Score

10^/10

discovery evasion exploit xmrig miner
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy