xmrig | 8381e02189f0bd728b557fa5f811132e760771e095bc9b0a93412431e9c9589a

Resubmissions

04/01/2024, 10:21

240104-md6twagbd4 10

26/12/2023, 11:38

231226-nry7mafbb5 10

Analysis

max time kernel
141s
max time network
146s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
04/01/2024, 10:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pdfeditor/start.cmd
Size

48B
MD5

7a5f44ef0fcb9b3b66c65fc36aabf0af
SHA1

76887427c1a843b35de8920f93fa744b1abb5a67
SHA256

56cc2f42fb9967cb986ce44a3530481f2c4f6e79a935e829a8285d023b820763
SHA512

5a128e128e1ebb2c5c265f0dcded63f818ae9d7ac11cd5c10cf89fdebf7ccae5fe78a725ef96aeb6235db396cecbe86d43b2a15b7228f966cd55b7119d7e2490

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral30/memory/2384-3-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-4-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-7-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-8-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-11-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-12-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-13-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-14-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-15-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-16-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-17-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-18-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-19-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig
behavioral30/memory/2384-20-0x00007FF693250000-0x00007FF693D5B000-memory.dmp	xmrig

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
644	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2384	pdfeditor.exe
Token: SeLockMemoryPrivilege	2384	pdfeditor.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	pdfeditor.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 2384	3284	cmd.exe	74
PID 3284 wrote to memory of 2384	3284	cmd.exe	74

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pdfeditor\start.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Temp\pdfeditor\pdfeditor.exe
  pdfeditor.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2384-0-0x000001F1A2EC0000-0x000001F1A2EE0000-memory.dmp

Filesize
128KB

Download
memory/2384-2-0x000001F1A46D0000-0x000001F1A4710000-memory.dmp

Filesize
256KB

Download
memory/2384-3-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-4-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-5-0x000001F1A4710000-0x000001F1A4730000-memory.dmp

Filesize
128KB

Download
memory/2384-6-0x000001F1A4730000-0x000001F1A4750000-memory.dmp

Filesize
128KB

Download
memory/2384-7-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-8-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-9-0x000001F1A4710000-0x000001F1A4730000-memory.dmp

Filesize
128KB

Download
memory/2384-10-0x000001F1A4730000-0x000001F1A4750000-memory.dmp

Filesize
128KB

Download
memory/2384-11-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-12-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-13-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-14-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-15-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-16-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-17-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-18-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-19-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download
memory/2384-20-0x00007FF693250000-0x00007FF693D5B000-memory.dmp

Filesize
11.0MB

Download