Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    5.6MB

  • Sample

    230522-tyx6ssbd48

  • MD5

    3220acfff168d5e036b68da6d87e6ca7

  • SHA1

    b1dffff6b88949b27711e6e488ba297e34fa2a47

  • SHA256

    656d8f62def258e808aa521a7a29ee10363e80f1df24435d54e76986b77a2039

  • SHA512

    1bc7ab23e65cbf7bfd96b6784a72be17dac97f6834978f44a5b9e37646e297721c5b7b709b40a963c98a46d8beffce0bec6c730d714a7956531608db0f9f665d

  • SSDEEP

    98304:OpZQty0tThU51E8Rn9lI19gf2Y/TkbiR41JYhdX+XpwSkwW6ZCr71N+:OAP2//V9lILQR4khdX+Xtkw38b+

Score
10/10
xmrigevasionminer

Malware Config

Targets

    • Target

      tmp

    • Size

      5.6MB

    • MD5

      3220acfff168d5e036b68da6d87e6ca7

    • SHA1

      b1dffff6b88949b27711e6e488ba297e34fa2a47

    • SHA256

      656d8f62def258e808aa521a7a29ee10363e80f1df24435d54e76986b77a2039

    • SHA512

      1bc7ab23e65cbf7bfd96b6784a72be17dac97f6834978f44a5b9e37646e297721c5b7b709b40a963c98a46d8beffce0bec6c730d714a7956531608db0f9f665d

    • SSDEEP

      98304:OpZQty0tThU51E8Rn9lI19gf2Y/TkbiR41JYhdX+XpwSkwW6ZCr71N+:OAP2//V9lILQR4khdX+Xtkw38b+

    Score
    10/10
    xmrigevasionminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks