xmrig | a44d659227b87e959a7807b9d85d2fd571665a4296590ed59114cc5b3ebf94f0 | Triage

Submit
Reports

Overview

overview

Static

static

1

fef75dbf20...aa.exe

windows7-x64

fef75dbf20...aa.exe

windows10-2004-x64

Sharing

General

Target

ccaffcd12dcb30adb5250f30026ecd1e.bin
Size

4.1MB
Sample

230317-js811afa45
MD5

489156d1f70a1022a68d781ef45c9ff6
SHA1

8db1cc08eed99624c5cf38b87bf779979f892faa
SHA256

a44d659227b87e959a7807b9d85d2fd571665a4296590ed59114cc5b3ebf94f0
SHA512

22da74413f53c2e492dbbecaab38a09e96c6fddb942a3b2f3e1e0d3169e6adf7d1e15cc0447e8da34db7dd08aa25dc7ff0ecd2b06b8784a423990e668f45c0d6
SSDEEP

49152:2gPOeHehrDXAEP/e3I4MX9EegUAlyvwy2up7hdb8dRmPzYW6lvNTZSkkuQQsOdu9:F2eHeJne3I4Uau9vSmPsW6lvjJQ8dr8Z

Score

10^/10

xmrig discovery evasion exploit miner

Static task

static1

Behavioral task

behavioral1

Sample

fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa.exe

Resource

win7-20230220-en

discovery evasion exploit

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa.exe

Resource

win10v2004-20230220-en

xmrig discovery evasion exploit miner

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa.exe
- Size
  
  4.3MB
- MD5
  
  ccaffcd12dcb30adb5250f30026ecd1e
- SHA1
  
  4048dc71db497f641a4f35eb00ac3c163c394978
- SHA256
  
  fef75dbf20c3ba832b5ed9d057f26e61915501bae7c1e11c367793546c7713aa
- SHA512
  
  a196e58aaff3f68e15df0de667541d103c78d0f8cf114ff3f5770444de1a30b0dc46c4d0dcafbc8bd81538660d401c57dc18de8b6b3769b81cc4e8ff7f316286
- SSDEEP
  
  98304:w1XNI4kmUg+DgxP1Wrj3DIIs0LHhjwSKVjV3:w9NInmUg5xqX/sCHhj7K5p
Score

10^/10

discovery evasion exploit xmrig miner
- Modifies security service
  evasion
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploit

behavioral2

xmrigdiscoveryevasionexploitminer

© 2018-2024

Terms | Privacy