Behavioral task: behavioral1
Sample: NEAS.044b4baa9f820add5d968af1cfec9b40_JC.exe
Resource: win7-20230831-en
General
Target: NEAS.044b4baa9f820add5d968af1cfec9b40_JC.exe
Size: 1.8MB
MD5: 044b4baa9f820add5d968af1cfec9b40
SHA1: f6e845680459af2586f60156777a868f1958bd96
SHA256: 9627abee662daaec1c3b32c1c2ef7ae28976218d3a8148a731d54550682e2f99
SHA512: 9e4864bcb141a06cba8699a38a72a1d2beb42156dbc0db2e11a59097673448e0e0deb15d4b0269b8afc3b8f0ff078ff9b8e0a89a15c0c7a802bea35dfa3fcc6d
SSDEEP: 49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjEot:BemTLkNdfE0pZrq
Malware Config
Signatures

XMRig Miner payload 1 IoCs
resource: sample, yara_rule: xmrig

Xmrig family

resource: sample, yara_rule: upx

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: NEAS.044b4baa9f820add5d968af1cfec9b40_JC.exe
Files
NEAS.044b4baa9f820add5d968af1cfec9b40_JC.exe.exe windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 724KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE