xmrig | f5201022495929641ec8f23327dcb08696356608f1a64223e684e220d49cb4fe | Triage

Submit
Reports

Overview

overview

Static

static

WUDFCompanionHost.exe

windows7_x64

WUDFCompanionHost.exe

windows10-2004_x64

Sharing

General

Target

WUDFCompanionHost.exe
Size

2.3MB
Sample

220429-mq39hseehl
MD5

052261452e1738da3400e50b75c1e1a0
SHA1

112da3ebb3708b132413a3776dabadb2b219cc70
SHA256

f5201022495929641ec8f23327dcb08696356608f1a64223e684e220d49cb4fe
SHA512

0654aa6592b1e33958f1171d58f7c2c6cc3889cf21d773b081b01dc78543058163ea9aee94847e7ab0b1274c498793436e6e3dc69833f60b6a4ec4f8c4f2ed47

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

WUDFCompanionHost.exe

Resource

win7-20220414-en

xmrig discovery evasion exploit miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

WUDFCompanionHost.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  WUDFCompanionHost.exe
- Size
  
  2.3MB
- MD5
  
  052261452e1738da3400e50b75c1e1a0
- SHA1
  
  112da3ebb3708b132413a3776dabadb2b219cc70
- SHA256
  
  f5201022495929641ec8f23327dcb08696356608f1a64223e684e220d49cb4fe
- SHA512
  
  0654aa6592b1e33958f1171d58f7c2c6cc3889cf21d773b081b01dc78543058163ea9aee94847e7ab0b1274c498793436e6e3dc69833f60b6a4ec4f8c4f2ed47
Score

10^/10

xmrig discovery evasion exploit miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy