Overview

overview

10

Static

static

1

My2.exe

windows7-x64

10

My2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    My2.exe

  • Size

    5.2MB

  • Sample

    230922-fb2zksda9v

  • MD5

    7af78ecfa55e8aeb8b699076266f7bcf

  • SHA1

    432c9deb88d92ae86c55de81af26527d7d1af673

  • SHA256

    f7284ade2ca0aeb432cf1fdae5ab0c724f81d10b914f6d4c2c15ef0f60ff316e

  • SHA512

    3c0ae6b6e4a896da52faff4fb2e958abb2856330cbba6ff4b7a59e7512475e1739cccf2cfda7dde492f381d3225263bc77e3154983e86933fa074696e92a059e

  • SSDEEP

    98304:BqbZdlRakLa7Czy+JG87IlPEU0KQjvcnyEU:0ZdlRtLa7C2InBU0KQjv8U

Score
10/10
xmrigevasionminer

Malware Config

Targets

    • Target

      My2.exe

    • Size

      5.2MB

    • MD5

      7af78ecfa55e8aeb8b699076266f7bcf

    • SHA1

      432c9deb88d92ae86c55de81af26527d7d1af673

    • SHA256

      f7284ade2ca0aeb432cf1fdae5ab0c724f81d10b914f6d4c2c15ef0f60ff316e

    • SHA512

      3c0ae6b6e4a896da52faff4fb2e958abb2856330cbba6ff4b7a59e7512475e1739cccf2cfda7dde492f381d3225263bc77e3154983e86933fa074696e92a059e

    • SSDEEP

      98304:BqbZdlRakLa7Czy+JG87IlPEU0KQjvcnyEU:0ZdlRtLa7C2InBU0KQjv8U

    Score
    10/10
    xmrigevasionminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks