xmrig | ccc2ea5c6c77c63d946aa879fba1c0ecdf1012579663fa0c5cf685321c4e2bdc

Analysis

max time kernel
3s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 00:38

Target

46f142ec4f1558f8f9c1fa21ea537a18.exe
Size

22.3MB
MD5

46f142ec4f1558f8f9c1fa21ea537a18
SHA1

3432b472d77ab23eaeb84d8a1216760026ea2bed
SHA256

ccc2ea5c6c77c63d946aa879fba1c0ecdf1012579663fa0c5cf685321c4e2bdc
SHA512

2f91404aea498853b43fc55afaf2d9de0f9fa590a99b370e36b7685bfb7a175e9c54458ba9de0b90e9aed4f22218032af77b77697584be26ac9fe349a2e9634e
SSDEEP

393216:KNeT0wtyhnylmtmtIslCRk2TdGAUae9Sp18eNdU6yxqZGeeV4QduZKLNY/FTuB2F:qXylAdVu9SpyhxeQVa0NY/FawO

Score

10^/10

xmrig miner

XMRig Miner payload 5 IoCs

miner

resource	yara_rule
behavioral2/memory/2072-2-0x000000000DEE0000-0x000000001087A000-memory.dmp	xmrig
behavioral2/files/0x0006000000023232-15.dat	family_xmrig
behavioral2/files/0x0006000000023232-15.dat	xmrig
behavioral2/files/0x0006000000023232-21.dat	family_xmrig
behavioral2/files/0x0006000000023232-21.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2072	46f142ec4f1558f8f9c1fa21ea537a18.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2072	46f142ec4f1558f8f9c1fa21ea537a18.exe

C:\Users\Admin\AppData\Local\Temp\46f142ec4f1558f8f9c1fa21ea537a18.exe
"C:\Users\Admin\AppData\Local\Temp\46f142ec4f1558f8f9c1fa21ea537a18.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2072
- C:\Users\Admin\AppData\Roaming\xmrig.exe
  "C:\Users\Admin\AppData\Roaming\xmrig.exe"
  2⤵
  PID:408

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\xmrig.exe

Filesize
381KB

MD5
5b01e7a62a4828599c62c99d83462582

SHA1
2ad7a9e5ac3d25b9d062528fcdac4910924ee4fa

SHA256
f16b671a32501cf730c618dd4ab7f7df3a5ce0a1c92c7919455b35d21c398dbf

SHA512
846a3d1c8794916a75290f338aa35f6ed6edf5ea3ef0560e032bb2848a371bf1e1c775a90254c987c531439a770a7385a967253f48108408b8935adb8d27d811

Download Submit
memory/408-32-0x00000264BBF10000-0x00000264BBF30000-memory.dmp

Filesize
128KB

Download
memory/408-22-0x00000264BBEE0000-0x00000264BBF00000-memory.dmp

Filesize
128KB

Download
memory/408-33-0x00000264BBF30000-0x00000264BBF50000-memory.dmp

Filesize
128KB

Download
memory/408-34-0x00000264BBF50000-0x00000264BBF70000-memory.dmp

Filesize
128KB

Download
memory/408-35-0x00000264BBF30000-0x00000264BBF50000-memory.dmp

Filesize
128KB

Download
memory/408-36-0x00000264BBF50000-0x00000264BBF70000-memory.dmp

Filesize
128KB

Download
memory/2072-4-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/2072-3-0x0000000006650000-0x00000000066EC000-memory.dmp

Filesize
624KB

Download
memory/2072-2-0x000000000DEE0000-0x000000001087A000-memory.dmp

Filesize
41.6MB

Download
memory/2072-1-0x0000000000650000-0x0000000001CA6000-memory.dmp

Filesize
22.3MB

Download
memory/2072-31-0x0000000074A10000-0x00000000751C0000-memory.dmp

Filesize
7.7MB

Download
memory/2072-0-0x0000000074A10000-0x00000000751C0000-memory.dmp

Filesize
7.7MB

Download