General
- Target: c022607a31917eexeexeexeex.exe
- Size: 8.9MB
- Sample: 230709-ylj6magf2z
- MD5: c022607a31917e783469db076a7ee535
- SHA1: 930bbc20635ffad8f8d08c45fcd93c94accb2a3b
- SHA256: 824c060aded406cb9827c1d7cf1133d20848452cddb96fb074440e88b7f915d4
- SHA512: 8f9a353dd1c11bcaf1e615113e16cece121c636e384e98f3ccf31a9e2e1f15759541186019f549bb9b277f164073891211517c7f4531f79768334268eeb91816
- SSDEEP: 196608:MxygkmknGzwHdOgEPHd9BRX/nivPlTXTYo:Y5jz0E51/iv1
Behavioral task: behavioral1
- Sample: c022607a31917eexeexeexeex.exe
- Resource: win7-20230705-en
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Contacts a large (52990) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- XMRig Miner payload
- mimikatz is an open source tool to dump credentials on Windows
- Drops file in Drivers directory
- Modifies Windows Firewall
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Creates a Windows Service
- Drops file in System32 directory