General
-
Target
installer.exe
-
Size
4.3MB
-
Sample
230316-wa5xvacb63
-
MD5
ccaffcd12dcb30adb5250f30026ecd1e
-
SHA1
4048dc71db497f641a4f35eb00ac3c163c394978
-
SHA256
fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa
-
SHA512
a196e58aaff3f68e15df0de667541d103c78d0f8cf114ff3f5770444de1a30b0dc46c4d0dcafbc8bd81538660d401c57dc18de8b6b3769b81cc4e8ff7f316286
-
SSDEEP
98304:w1XNI4kmUg+DgxP1Wrj3DIIs0LHhjwSKVjV3:w9NInmUg5xqX/sCHhj7K5p
Static task
static1
Behavioral task
behavioral1
Sample
installer.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
installer.exe
-
Size
4.3MB
-
MD5
ccaffcd12dcb30adb5250f30026ecd1e
-
SHA1
4048dc71db497f641a4f35eb00ac3c163c394978
-
SHA256
fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa
-
SHA512
a196e58aaff3f68e15df0de667541d103c78d0f8cf114ff3f5770444de1a30b0dc46c4d0dcafbc8bd81538660d401c57dc18de8b6b3769b81cc4e8ff7f316286
-
SSDEEP
98304:w1XNI4kmUg+DgxP1Wrj3DIIs0LHhjwSKVjV3:w9NInmUg5xqX/sCHhj7K5p
-
Modifies security service
-
XMRig Miner payload
-
Possible privilege escalation attempt
-
Stops running service(s)
-
Executes dropped EXE
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-