Overview

overview

10

Static

static

monly.exe

windows7-x64

10

monly.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    monly.exe

  • Size

    2.0MB

  • Sample

    230112-gat31sfc43

  • MD5

    50591643463aa061f6a1093c224685ad

  • SHA1

    8647dad50e4fe4cc5a5908cfad55a214536b59fa

  • SHA256

    7981b6a4a0f64eae7f318771206be555f703e58e094170fdc1e0f561fb961f69

  • SHA512

    164f909f16065e46dabee2f1d59db5036903778aedf2ed78841dcec38b3fdbafd39fc5b3c7f9089aba0815baf20b8a89abf374a05162ab47fb572ed0b4908f9b

  • SSDEEP

    49152:nDLC8ycrPTN6kydQIaWCZgZK/3nXbemOIYVzZG6qpdy709Ym+o:n68ycvN/6dU3XMVzZHqpsAYm+o

Score
10/10
xmrigminerupx

Malware Config

Targets

    • Target

      monly.exe

    • Size

      2.0MB

    • MD5

      50591643463aa061f6a1093c224685ad

    • SHA1

      8647dad50e4fe4cc5a5908cfad55a214536b59fa

    • SHA256

      7981b6a4a0f64eae7f318771206be555f703e58e094170fdc1e0f561fb961f69

    • SHA512

      164f909f16065e46dabee2f1d59db5036903778aedf2ed78841dcec38b3fdbafd39fc5b3c7f9089aba0815baf20b8a89abf374a05162ab47fb572ed0b4908f9b

    • SSDEEP

      49152:nDLC8ycrPTN6kydQIaWCZgZK/3nXbemOIYVzZG6qpdy709Ym+o:n68ycvN/6dU3XMVzZHqpsAYm+o

    Score
    10/10
    xmrigminerupx

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks