xmrig | b14d2da38376c93b632d1af8744b246c2de3d5d0890d207682d4168a1152bbbd

Analysis

max time kernel
1800s
max time network
1785s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e.exe
Size

5.4MB
MD5

a5a96cab29129f3533b3dced4b547006
SHA1

c826abdf0d67a1ebadfe34bdad0d3a4e085b1126
SHA256

b14d2da38376c93b632d1af8744b246c2de3d5d0890d207682d4168a1152bbbd
SHA512

de54608a1e34aa10b54a7136746ad28ed74063f07561953fc7bd1cce55b7d5834826c2e105dcdeda0b0f2fae3c34467a8541c2d7770b0c34facfcdf7424df07d
SSDEEP

98304:KzsS668Vp0Sq7PKFoIwFecmDaN36DgvuHlBV+JslC3uBtq9o1:KI163Sq7PwwiaN36DgvuHl6d32qq

Score

10^/10

xmrig miner

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1080 created 3164	1080	e.exe	55

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/1080-136-0x00007FF7174C0000-0x00007FF717A35000-memory.dmp	xmrig
behavioral1/memory/1548-139-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-140-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-141-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-143-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-145-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-146-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-147-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-148-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-149-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-150-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-151-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-152-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-153-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-154-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-155-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-156-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-157-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-158-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-159-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-160-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-161-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-162-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-163-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-164-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-165-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-166-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-167-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-168-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-169-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-170-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-171-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-172-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-173-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-174-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-175-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-176-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-177-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-178-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-181-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-184-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-185-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-186-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-187-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-188-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-189-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-190-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-191-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-192-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-193-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-194-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-195-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-196-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-197-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-198-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-199-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-200-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-201-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-202-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-203-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-204-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig
behavioral1/memory/1548-205-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp	xmrig

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1080 set thread context of 1548	1080	e.exe	93

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1080	e.exe
1080	e.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1548	explorer.exe
Token: SeLockMemoryPrivilege	1548	explorer.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 1548	1080	e.exe	93

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3164
- C:\Users\Admin\AppData\Local\Temp\e.exe
  "C:\Users\Admin\AppData\Local\Temp\e.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1080
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-133-0x00007FF7174C0000-0x00007FF717A35000-memory.dmp

Filesize
5.5MB

Download
memory/1080-136-0x00007FF7174C0000-0x00007FF717A35000-memory.dmp

Filesize
5.5MB

Download
memory/1548-137-0x0000000002820000-0x0000000002840000-memory.dmp

Filesize
128KB

Download
memory/1548-138-0x0000000013090000-0x00000000130D0000-memory.dmp

Filesize
256KB

Download
memory/1548-139-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-140-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-141-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-142-0x0000000013880000-0x00000000138A0000-memory.dmp

Filesize
128KB

Download
memory/1548-143-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-144-0x0000000013880000-0x00000000138A0000-memory.dmp

Filesize
128KB

Download
memory/1548-145-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-146-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-147-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-148-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-149-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-150-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-151-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-152-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-153-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-154-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-155-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-156-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-157-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-158-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-159-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-160-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-161-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-162-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-163-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-164-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-165-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-166-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-167-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-168-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-169-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-170-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-171-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-172-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-173-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-174-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-175-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-176-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-177-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-178-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-179-0x0000000013880000-0x00000000138A0000-memory.dmp

Filesize
128KB

Download
memory/1548-180-0x00000000140B0000-0x00000000140D0000-memory.dmp

Filesize
128KB

Download
memory/1548-181-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-182-0x0000000013880000-0x00000000138A0000-memory.dmp

Filesize
128KB

Download
memory/1548-183-0x00000000140B0000-0x00000000140D0000-memory.dmp

Filesize
128KB

Download
memory/1548-184-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-185-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-186-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-187-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-188-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-189-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-190-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-191-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-192-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-193-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-194-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-195-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-196-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-197-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-198-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-199-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-200-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-201-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-202-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-203-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-204-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download
memory/1548-205-0x00007FF76C4F0000-0x00007FF76CCDF000-memory.dmp

Filesize
7.9MB

Download