General
- Target: 861c02e04fd2acexeexeexeex.exe
- Size: 14.9MB
- Sample: 230709-xv4qysfc64
- MD5: 861c02e04fd2ac34e754c5546ea959e1
- SHA1: bdeb56c41e2dab99cbee278772ff6444b89f6ccb
- SHA256: 7c488b06a5e1635925a2db03e7bca29f9b56d916e5485b33485db447a9166110
- SHA512: b12474cda39b537a8d35e82dae7fb86fe3efa2d3bce72be9dc867ce112ff8b59e3d9fb33936f04c1f8ab0210a05df8d287a8bc61b8fda4c650b4d3078e7c635d
- SSDEEP: 98304:YmBtyYXmknGzZr+HdO5SEPFtmOZ9G1Md5v/nZVnivsAl0eXTBJYa5roSCaa:I6mknGzwHdOgEPHd9BbX/nivPlTXTYr
Behavioral task: behavioral1
- Sample: 861c02e04fd2acexeexeexeex.exe
- Resource: win7-20230703-en
Malware Config
Targets
- Target: 861c02e04fd2acexeexeexeex.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Contacts a large (48392) amount of remote hosts: this may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- XMRig Miner payload
- mimikatz is an open source tool to dump credentials on Windows
- Drops file in Drivers directory
- Modifies Windows Firewall
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Creates a Windows Service
- Drops file in System32 directory