Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-01-2023 02:44

General

  • Target

    xmrig-6.18.1/solo_mine_example.cmd

  • Size

    815B

  • MD5

    9a6e73e55c32bb8db34e599a8ae176a3

  • SHA1

    bf4b8811a649529fd821fdee9236622cd1d4ad3d

  • SHA256

    6e87f8c30fe0ef0035227ed01d3824223b72c9a196bdcd3202bb0a533d0ea804

  • SHA512

    aefca1b39751dd5caf3050c8e2dbe0a53ac2d0d14d9178ae10e7b33af256a30fc7522884c1ad5fcfca83fd18aed5bd05c350bbb103bf597ac00fe33b220a53b0

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.1\solo_mine_example.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.1\xmrig.exe
      xmrig.exe -o node.xmr.to:18081 -a rx/0 -u 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD --daemon
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1688

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1688-133-0x000001DA649F0000-0x000001DA64A10000-memory.dmp

    Filesize

    128KB