General
- Target: notepad.exe
- Size: 4.6MB
- Sample: 230111-lcp93afe91
- MD5: f91a4f2fe37f1008f8f2b0d597dbd5fa
- SHA1: 3293698ca35076659fbaaac4868ba57afc3e560d
- SHA256: c3031bd36d177c5468c59ef675d13ac9426a973e23df9c7749fb79e98a89bdc1
- SHA512: 64e0815402e0b2fa2dc43b23a129c2aeb1378d589924eec3105617f1da96e00568e59dda87040e4f2c43e74410398f98d007f0fb6be8fe835e2a205b29798bc1
- SSDEEP: 98304:Ff2WmtHyEOQPBxeasACzue9KtecGu7YRq4AXb6nJXSTH1h+MD+xT:ktHRGasnnu0iXb6ntSWM
Static task: static1

Malware Config
Targets
- Target: notepad.exe
- Size: 4.6MB
Signatures
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext