Overview

overview

10

Static

static

10bb8c29f6...69.exe

windows7-x64

10

10bb8c29f6...69.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/09/2022, 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10bb8c29f65868b36a454c722ae01969.exe

  • Size

    4.1MB

  • MD5

    10bb8c29f65868b36a454c722ae01969

  • SHA1

    5b68e0d3e170207b04b96eb23a4f67620cba0170

  • SHA256

    68984f5ac7696cc5398c6b9912770041953b3d7bb1f92cd16854b5a0db1955bc

  • SHA512

    0393cac3516e173f66cf8430c1b1c2216a677f714e102db25a6c0c39003fbd65d137d73a6756017cd1e7846d1fd3e4c7f4631f2d5e8d2f7a61baa59536b72540

  • SSDEEP

    98304:N4OyiLwkUPYwyuZXPklUrQj3AZBKMisGmiNX1bsUtS1r4xM0/o:NbNLw1PrZ/bsbUmCQX3tSqA

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10bb8c29f65868b36a454c722ae01969.exe
    "C:\Users\Admin\AppData\Local\Temp\10bb8c29f65868b36a454c722ae01969.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe pcuxkibwfapwhvzm1 6E3sjfZq2rJQaxvLPmXgsA4f0StS9pic9Xw++oZ1mnbMNdSoXP4ts/KtNDhUPQkUOWlLosYbrY2pwtQQU1JTuikNmZuGmV+6BbKlyKFD6zdAaaNcQqky2iJHSWRIHnss9X/nab3QoNVM/Ta0kPMjvUxJH02YjP5XrdviLouahJX3Q1zD8omsKRft5FC/3aHRX5nzuLKj6v+l1hD7RDcnRlZOinraqnGRmc1rfZVBSryXdWQXUdRaex46bFg0DdbEVFMZ4l0pshLxALGam+crSqgmoA+SAgVTiLqPU5NWi5uz8p9/Px4ZVwH3rGiyQeauAdOPHdWjMSLjdPXQwzIiHwOAjFFE5CqTkW9rgSKBlevE7bTasEexce14S+TdxAbNPSrsW2DMq8LcazEG7sh428X1gT4o5W2jpf5fY/EMDWD9CKIkKRoLtfFe70OaU67cjMAYIj/AZI0xT94JqMRUWgt/sbZu8yCnNnxa9lrrvg2H53pbs3LI7hr+EUbmTQCoqVrW0bwsGKA92LClZBPI4vmpqpgf5KmusPiS52e3rU0=
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-140-0x0000000000AD0000-0x0000000000AF0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-141-0x0000000140000000-0x0000000140809000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3004-147-0x0000000013A40000-0x0000000013A60000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-135-0x0000000140000000-0x0000000140809000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3004-137-0x0000000140000000-0x0000000140809000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3004-146-0x0000000013370000-0x0000000013390000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-145-0x00000000135A0000-0x00000000135C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-144-0x00000000135A0000-0x00000000135C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-139-0x0000000140000000-0x0000000140809000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3004-142-0x0000000012D90000-0x0000000012DD0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3004-143-0x0000000140000000-0x0000000140809000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/4872-132-0x00000000005C0000-0x00000000009DE000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4872-138-0x00007FFA06C20000-0x00007FFA076E1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4872-133-0x000000001C470000-0x000000001C482000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4872-134-0x00007FFA06C20000-0x00007FFA076E1000-memory.dmp

    Filesize

    10.8MB

    Download