xmrig | dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785 | Triage

Submit
Reports

Overview

overview

Static

static

script1.exe

windows7_x64

script1.exe

windows10-2004_x64

Sharing

General

Target

script1.exe
Size

7.2MB
Sample

220519-2hj81acee5
MD5

cc45f791667f3b9fb6281414f5325561
SHA1

df8b29bbc15712f928a61f6d0c8e045d823dce84
SHA256

dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785
SHA512

f70692b95b4b09d65f5bf4ef5915fccbf2f0628ad206e3fa064b6d595e5176d4e9d89368215b474e0ca95f38bae918fe31f2d64aa9849a9045cd5b4d84ff95d7

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

script1.exe

Resource

win7-20220414-en

xmrig discovery evasion exploit miner

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

script1.exe

Resource

win10v2004-20220414-en

xmrig discovery evasion exploit miner

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  script1.exe
- Size
  
  7.2MB
- MD5
  
  cc45f791667f3b9fb6281414f5325561
- SHA1
  
  df8b29bbc15712f928a61f6d0c8e045d823dce84
- SHA256
  
  dde77f52e25c661b86b499b40e627512b5713e53744c2bafb57450d7fdac3785
- SHA512
  
  f70692b95b4b09d65f5bf4ef5915fccbf2f0628ad206e3fa064b6d595e5176d4e9d89368215b474e0ca95f38bae918fe31f2d64aa9849a9045cd5b4d84ff95d7
Score

10^/10

xmrig discovery evasion exploit miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

xmrigdiscoveryevasionexploitminer

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy