General
-
Target
c7ad8aff4b9bcaaf8362bc46dbb335bd
-
Size
5.0MB
-
Sample
220811-21nn5sdebn
-
MD5
c7ad8aff4b9bcaaf8362bc46dbb335bd
-
SHA1
6da9bd46beba784cde7bce3d73963567c9efb9b0
-
SHA256
1c135b72fe995cb7bea00a9d7c78e88be394834e2f831703c6170e7b3d430d84
-
SHA512
e6d3f7e3e73f8445c8233202b143d5a932c7b6d0ee53c77de857a825db416bc0c73d32eaea6b7720af3ee582089dbe9071426dcbf2c02bd96e2db9ac379b0aa3
Static task
static1
Behavioral task
behavioral1
Sample
c7ad8aff4b9bcaaf8362bc46dbb335bd.exe
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
c7ad8aff4b9bcaaf8362bc46dbb335bd
-
Modifies security service
-
XMRig Miner payload
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-