General

Target: script1.exe
Size: 7.2MB
Sample: 220519-2hj81acee5
MD5: cc45f791667f3b9fb6281414f5325561
SHA1: df8b29bbc15712f928a61f6d0c8e045d823dce84
SHA256: dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785
SHA512: f70692b95b4b09d65f5bf4ef5915fccbf2f0628ad206e3fa064b6d595e5176d4e9d89368215b474e0ca95f38bae918fe31f2d64aa9849a9045cd5b4d84ff95d7

Static task: static1
Behavioral task: behavioral1
Sample: script1.exe
Resource: win7-20220414-en
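A directory sweep against the indicators above, as an added example (editor's code, not part of the sandbox report): the digest values are copied from the General section; the function names, the chunk size and the command-line handling are assumptions. Reporting a file that matches on only some algorithms is deliberate, since that is the case (a truncated or mistyped indicator, or a claimed collision) that deserves a second look.

```python
# Added example, not part of the sandbox report. Sweep a directory tree for
# files whose digests match the report's indicators. The IOC table is copied
# from the page; function names and the chunk size are assumptions.
import hashlib
import os

# Indicators copied from the report's General section.
SAMPLE_IOCS = {
    "md5": "cc45f791667f3b9fb6281414f5325561",
    "sha1": "df8b29bbc15712f928a61f6d0c8e045d823dce84",
    "sha256": "dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785",
    "sha512": "f70692b95b4b09d65f5bf4ef5915fccbf2f0628ad206e3fa064b6d595e5176d4"
              "e9d89368215b474e0ca95f38bae918fe31f2d64aa9849a9045cd5b4d84ff95d7",
}


def digests(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Return {algorithm: hex digest} for one file, hashing it in one pass and
    in chunks so a 7 MB sample (or a much larger one) is never fully loaded."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(path, iocs=SAMPLE_IOCS):
    """Compare one file against the indicator set and return the sorted names
    of the algorithms whose digest matched (an empty list means no match)."""
    got = digests(path, algorithms=tuple(iocs))
    return sorted(name for name, value in got.items() if value == iocs[name].lower())


def sweep(root, iocs=SAMPLE_IOCS):
    """Walk a directory tree and return [(path, [matched algorithms])] for every
    file matching at least one indicator. Partial matches are reported on
    purpose: they point at a bad indicator rather than a clean file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                matched = match_iocs(full, iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if matched:
                hits.append((full, matched))
    return hits


if __name__ == "__main__":
    import sys
    for path, algs in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matched {', '.join(algs)}")
```

Run it as `python sweep.py <directory>`; a file that matches every algorithm is the sample from this report, while a file that matches only MD5 or SHA1 should be re-hashed and the indicator source rechecked before anyone acts on it.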
Malware Config
Targets

Target: script1.exe (7.2MB; hashes as listed under General)

- Modifies security service
- XMRig Miner Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
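How several of the behavioural signatures above can be re-derived from an event trace, as an added example (editor's code, not the sandbox's own detection logic). The event schema (dicts with a "type" field), the path and registry-key heuristics, and the sample trace are constructed for illustration; the signature names are the ones listed in the report. The example covers file drops under Drivers and System32, service stops, the geofence registry read, execution of a dropped executable (which needs the write to precede the launch) and deletion of the sample's own image.

```python
# Added example, not part of the sandbox report. Classify a constructed
# event trace into the report's signature names. The event schema, the
# heuristics and the sample trace are assumptions made for illustration.
import ntpath

DRIVERS_DIR = r"C:\Windows\System32\drivers"
SYSTEM32_DIR = r"C:\Windows\System32"
# HKCU\Control Panel\International\Geo holds the configured country (GeoID);
# a lone read of it early in a run is the usual geofence tell.
GEO_KEY = r"control panel\international\geo"


def _norm(path):
    """Case-insensitive, normalised Windows path for comparisons."""
    return ntpath.normpath(path).lower()


def _under(path, directory):
    return _norm(path).startswith(_norm(directory) + "\\")


def classify(events):
    """Return the sorted list of signature names triggered by an event trace.

    Stateful rules: a process launch only counts as 'Executes dropped EXE'
    when an earlier file_write produced that image, and a deletion only counts
    as 'Deletes itself' when the path is the image of the trace's first
    process (the sample), whichever process performs the delete."""
    hits = set()
    dropped = set()      # executables written so far, normalised paths
    sample_image = None  # image of the first process in the trace
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            image = _norm(ev["image"])
            if sample_image is None:
                sample_image = image
            elif image in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "file_write":
            path = _norm(ev["path"])
            if path.endswith((".exe", ".dll", ".sys")):
                dropped.add(path)
            if _under(path, DRIVERS_DIR):
                hits.add("Drops file in Drivers directory")
            if _under(path, SYSTEM32_DIR):   # Drivers sits under System32, so both fire
                hits.add("Drops file in System32 directory")
        elif kind == "file_delete":
            if sample_image is not None and _norm(ev["path"]) == sample_image:
                hits.add("Deletes itself")
        elif kind == "registry_read":
            if GEO_KEY in ev["key"].lower():
                hits.add("Checks computer location settings")
        elif kind == "service_control" and ev.get("action") == "stop":
            hits.add("Stops running service(s)")
    return sorted(hits)


# Constructed trace, not taken from the sandbox run.
SAMPLE_TRACE = [
    {"type": "process_create", "pid": 100, "image": r"C:\Users\user\Desktop\script1.exe"},
    {"type": "registry_read", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 100, "path": r"C:\Windows\System32\drivers\helper.sys"},
    {"type": "file_write", "pid": 100, "path": r"C:\Windows\System32\updater.exe"},
    {"type": "service_control", "pid": 100, "action": "stop", "name": "example-svc"},
    {"type": "process_create", "pid": 101, "image": r"C:\Windows\System32\updater.exe"},
    {"type": "file_delete", "pid": 101, "path": r"C:\Users\user\Desktop\script1.exe"},
]

if __name__ == "__main__":
    for name in classify(SAMPLE_TRACE):
        print(name)
```

Signatures that depend on API-level detail (NtSetInformationThreadHideFromDebugger, SetThreadContext, ACL changes) are deliberately left out: they need the sandbox's API hooks rather than file, registry and service events, and a trace of this shape cannot support them.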