Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-01-2023 02:44

General

  • Target

    xmrig-6.18.1/rtm_ghostrider_example.cmd

  • Size

    1KB

  • MD5

    9b7762432e3ab03dc49b1989ec7b8d1c

  • SHA1

    ac7f0df988b00f665e29c6204866d8ba4cc18b5f

  • SHA256

    bfcef8b9791893a58f4a999190e83d8426a6d1be6b7ee9ccd8bd06f5e55d314d

  • SHA512

    920f6c7cb3f95c82ec7a97314166c7a7165ee4d6d658c70d64f6528515dd7b10e9d0c28f91fa958b47663d854fa8037ec2ca8368e7d550f5f2c49a16504ffa88

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.1\rtm_ghostrider_example.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.1\xmrig.exe
      xmrig.exe -a gr -o raptoreumemporium.com:3008 -u WALLET_ADDRESS -p x
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:972

Network

  • DNS lookup by xmrig.exe
    Remote address: 8.8.8.8:53
    Request: raptoreumemporium.com IN A
    Response: raptoreumemporium.com IN A 172.14.53.224
  • 172.14.53.224:3008 (raptoreumemporium.com), process xmrig.exe, 152 B, 3 (this identical connection entry appears six times in the report)
  • 8.8.8.8:53
    raptoreumemporium.com
    dns
    xmrig.exe
    67 B
    83 B
    1
    1

    DNS Request

    raptoreumemporium.com

    DNS Response

    172.14.53.224

MITRE ATT&CK Matrix


Downloads

  • memory/972-55-0x00000000003F0000-0x0000000000410000-memory.dmp

    Filesize

    128KB
