xmrig | bd815dc2deab9e355f67b97c032c172be6444b939df066aedb8e60ee84fd6a33 | Triage

Submit
Reports

Overview

overview

Static

static

7a90312b84...c0.exe

windows7-x64

7a90312b84...c0.exe

windows10-2004-x64

Sharing

General

Target

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
Size

600KB
Sample

221130-dnq2qsfc9z
MD5

380db35deae657f4fab46d97f6d4faff
SHA1

228e7a8cdbb4329f0e370d2a7952257d7bba101a
SHA256

bd815dc2deab9e355f67b97c032c172be6444b939df066aedb8e60ee84fd6a33
SHA512

3a575114147da263f938eafba407eeb7b76c14cdefa2ea27d6ab3e9ce1284f56fc94336023d50a873e64cbf59fb431b3b9817f4034a90136e5399c31b0cb65d6
SSDEEP

12288:OCntmdCr4tMhP5aYJKHVncNbCQB6X/+hiYDq6Q:7t90tMhFJKNUE+Ej

Score

10^/10

xmrig miner

Static task

static1

Behavioral task

behavioral1

Sample

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0.exe

Resource

win7-20220901-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
- Size
  
  648KB
- MD5
  
  4f17d8dcc61d0dea7dd6c4cd0162b246
- SHA1
  
  d3a2505f416a32ed98e71117db7188cf1a464c5d
- SHA256
  
  7a90312b845d684d8f0a2ae95cfc5f616d00dd25cbcb172335a36dd90c3340c0
- SHA512
  
  c4364d742f83dde0aec4a6120f5521bfff3df7e522eb43a3c9bcca6f3fbf3fdd000edb6aeceb2e4c84bebea46a6a3b110f538a982ce41919fb9f8da88ece98b2
- SSDEEP
  
  12288:cm+6CtnUrur4tohP1aYZKHbncTnCQB6X/MJiY:x+rpX0tohhZKb+YM
Score

10^/10

xmrig miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy