script1.exe

General

Target: script1.exe
Size: 7MB
Sample: 220519-2hj81acee5
Score: 10/10
MD5: cc45f791667f3b9fb6281414f5325561
SHA1: df8b29bbc15712f928a61f6d0c8e045d823dce84
SHA256: dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785
SHA512: f70692b95b4b09d65f5bf4ef5915fccbf2f0628ad206e3fa064b6d595e5176d4e9d89368215b474e0ca95f38bae918fe31f2d64aa9849a9045cd5b4d84ff95d7

Signatures

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • xmrig
    Description: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
  • XMRig Miner Payload
  • Drops file in Drivers directory
  • Executes dropped EXE
  • Possible privilege escalation attempt
  • Stops running service(s)
    TTPs: Modify Existing Service, Service Stop
  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence.
    TTPs: Query Registry, System Information Discovery
  • Deletes itself
  • Loads dropped DLL
  • Modifies file permissions
    TTPs: File Permissions Modification
  • Drops file in System32 directory
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious use of SetThreadContext
Related Tasks

Tasks: static1