xmrig | 032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe | Triage

Submit
Reports

Overview

overview

Static

static

032f2e845d...be.exe

windows7-x64

032f2e845d...be.exe

windows10-2004-x64

Resubmissions

23-11-2022 12:41

221123-pw91csfe6t 10

23-11-2022 12:32

221123-pqv91sfb5y 10

Sharing

General

Target

032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe
Size

6.8MB
Sample

221123-pw91csfe6t
MD5

a5cc0738a563489458f6541c3d3dc722
SHA1

c4647225139bfde320f51f7af5751c33930f3787
SHA256

032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe
SHA512

3239e0fedecb92738fed530822bbe5b49c011cd425f162c2032df068ce676cb6286b1d2eb3d7711d090e5014228d1cf021410ff7d3351e81acbf1d046ab02537
SSDEEP

196608:WIQ9gu6aCQeL7fgzVwu4UN6KB3/0V61S+I:WIsp6axeLCIE6QyIvI

Score

10^/10

xmrig miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe.exe

Resource

win7-20220812-en

xmrig miner persistence

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral2

Sample

032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe.exe

Resource

win10v2004-20220812-en

xmrig miner persistence

windows10-2004-x64

12 signatures

1200 seconds

Malware Config

Targets

- Target
  
  032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe
- Size
  
  6.8MB
- MD5
  
  a5cc0738a563489458f6541c3d3dc722
- SHA1
  
  c4647225139bfde320f51f7af5751c33930f3787
- SHA256
  
  032f2e845d2b9832c7845bc6a7de650ee2148891c8ee442fe3f3a8478e588dbe
- SHA512
  
  3239e0fedecb92738fed530822bbe5b49c011cd425f162c2032df068ce676cb6286b1d2eb3d7711d090e5014228d1cf021410ff7d3351e81acbf1d046ab02537
- SSDEEP
  
  196608:WIQ9gu6aCQeL7fgzVwu4UN6KB3/0V61S+I:WIsp6axeLCIE6QyIvI
Score

10^/10

xmrig miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

xmrigminerpersistence

© 2018-2024

Terms | Privacy