Overview

overview

10

Static

static

3

a04e6163df...55.exe

windows7-x64

10

a04e6163df...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a04e6163df65a8e04e2b475d0cf15755.exe

  • Size

    21.7MB

  • MD5

    a04e6163df65a8e04e2b475d0cf15755

  • SHA1

    3addae560d8d0d6c3f90231aeb5bba31f32f3ede

  • SHA256

    c8b2a95772513443b8190da58118e3fbfa5bb1de6fb61bfc9591e6ed005c72b6

  • SHA512

    0c63422273d46e6b4e255fcfd78362665b90e1bfa2d2a8b733f7c7c83f2a8050b6955b893522ecd2ee59e1f84b0a4546c05f5ca7bc333fd26d5e257cd7f48ce9

  • SSDEEP

    393216:fgLhy8yLsNyFQJ+Fx8VWUt6XM9g0rTwygZHz1aMbeLn0/JJzyGsnbhsRfg:I1JCswFQJ+FGr6XM9g0g5z1aMaD0xJH2

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a04e6163df65a8e04e2b475d0cf15755.exe
    "C:\Users\Admin\AppData\Local\Temp\a04e6163df65a8e04e2b475d0cf15755.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe --cinit-find-x -B -a rx/0 --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.supportxmr.com:3333 -u 44XUb34A5rdHk1oZSPfxneTeZWGasDV1aJKR1decyXbm1RLsM4Ti5URUVv2JaH7VXQTbWZFvsEDsaWRpFfxFXAYdPqGHrYZ -p --cpu-max-threads-hint=70
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2772

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2440-1-0x000000013FDE0000-0x0000000141392000-memory.dmp

          Filesize

          21.7MB

          Download

        • memory/2440-0-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2440-2-0x000000001B230000-0x000000001B2B0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2440-3-0x000000001C230000-0x000000001D7E0000-memory.dmp

          Filesize

          21.7MB

          Download

        • memory/2440-32-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2772-5-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-33-0x00000000000F0000-0x0000000000110000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2772-9-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-13-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-15-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-17-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-19-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-23-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-25-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-7-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-34-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-11-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-31-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-29-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-27-0x000007FFFFFDD000-0x000007FFFFFDE000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2772-21-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-35-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-36-0x0000000000150000-0x0000000000170000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2772-37-0x00000000003A0000-0x00000000003C0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2772-38-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-39-0x0000000140000000-0x0000000140705000-memory.dmp

          Filesize

          7.0MB

          Download

        • memory/2772-40-0x0000000000150000-0x0000000000170000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2772-41-0x00000000003A0000-0x00000000003C0000-memory.dmp

          Filesize

          128KB

          Download