Overview
overview
10Static
static
3grhsghsGHs...y8.exe
windows7-x64
10grhsghsGHs...y8.exe
windows10-2004-x64
10grhsghsGHs...SE.exe
windows7-x64
10grhsghsGHs...SE.exe
windows10-2004-x64
10grhsghsGHs...CD.exe
windows7-x64
10grhsghsGHs...CD.exe
windows10-2004-x64
10grhsghsGHs...Da.exe
windows7-x64
10grhsghsGHs...Da.exe
windows10-2004-x64
10grhsghsGHs...wq.exe
windows7-x64
10grhsghsGHs...wq.exe
windows10-2004-x64
10grhsghsGHs...r7.exe
windows7-x64
10grhsghsGHs...r7.exe
windows10-2004-x64
10grhsghsGHs...XJ.exe
windows7-x64
10grhsghsGHs...XJ.exe
windows10-2004-x64
10grhsghsGHs...eg.exe
windows7-x64
10grhsghsGHs...eg.exe
windows10-2004-x64
10grhsghsGHs...5H.exe
windows7-x64
10grhsghsGHs...5H.exe
windows10-2004-x64
10grhsghsGHs...XN.exe
windows7-x64
10grhsghsGHs...XN.exe
windows10-2004-x64
10grhsghsGHs...T3.exe
windows7-x64
10grhsghsGHs...T3.exe
windows10-2004-x64
10grhsghsGHs...9r.exe
windows7-x64
10grhsghsGHs...9r.exe
windows10-2004-x64
10grhsghsGHs...GR.exe
windows7-x64
10grhsghsGHs...GR.exe
windows10-2004-x64
10grhsghsGHs...EX.exe
windows7-x64
10grhsghsGHs...EX.exe
windows10-2004-x64
10grhsghsGHs...EA.exe
windows7-x64
10grhsghsGHs...EA.exe
windows10-2004-x64
10grhsghsGHs...FB.exe
windows7-x64
10grhsghsGHs...FB.exe
windows10-2004-x64
10Resubmissions
25-01-2024 16:55
240125-vfcyksbhgr 1024-01-2024 17:15
240124-vstf4aecaj 1023-01-2024 19:27
240123-x6cfvagbd9 1023-01-2024 19:27
240123-x6bvbafgem 1023-01-2024 19:27
240123-x6bjjsgbd8 1023-01-2024 19:27
240123-x6ax1sfgek 1023-01-2024 19:27
240123-x6abgsfgej 1023-01-2024 19:27
240123-x591qagbd7 1023-01-2024 19:27
240123-x59d7agbd6 1023-01-2024 19:27
240123-x584esgbd5 10General
-
Target
grhsghsGHswghs.zip
-
Size
53.3MB
-
Sample
240123-x591qagbd7
-
MD5
533ca99ff496fe94384e08be4543ece9
-
SHA1
23e9ac7eb659a166959856a04d5c124721df2a38
-
SHA256
165a0de3cbb54178e47215a0ad412c91f1cbbcefc3c3d35d8124c5972d1c1950
-
SHA512
c6155011159aa102d681d8c5aa19dde57dbe1fe3fea68670d41dddd07fb1204f0c5d9951c1d65085acf93a78732fed037581fcbbc597143f59ae25d4ffc76c8c
-
SSDEEP
1572864:HS7A5V1y7xaCcUHNsUZ04Wp3xWytXPDg+yS03gXn4yu:HSkL1yPXW1p3D0SLX4N
Static task
static1
Behavioral task
behavioral1
Sample
grhsghsGHswgh/3JynzWc6LxNCT2y8.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
grhsghsGHswgh/3JynzWc6LxNCT2y8.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
grhsghsGHswgh/6aNn9vLJCQVfagSE.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
grhsghsGHswgh/6aNn9vLJCQVfagSE.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
grhsghsGHswgh/6vHkJ4UErTSS5ECD.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
grhsghsGHswgh/6vHkJ4UErTSS5ECD.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
grhsghsGHswgh/Be5sCbvuma2nkHDa.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
grhsghsGHswgh/Be5sCbvuma2nkHDa.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
grhsghsGHswgh/DLKFnAGYJBNTnxwq.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
grhsghsGHswgh/DLKFnAGYJBNTnxwq.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
grhsghsGHswgh/EtPLMpbCyFJpMJr7.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
grhsghsGHswgh/EtPLMpbCyFJpMJr7.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
grhsghsGHswgh/Gu3PdXt79NF7EJXJ.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
grhsghsGHswgh/Gu3PdXt79NF7EJXJ.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
grhsghsGHswgh/JqLvG94UkYjhxAeg.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
grhsghsGHswgh/JqLvG94UkYjhxAeg.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
grhsghsGHswgh/LM3BR4UBmKBzBP5H.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
grhsghsGHswgh/LM3BR4UBmKBzBP5H.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
grhsghsGHswgh/M8xUNW42QxTLMRXN.exe
Resource
win7-20231129-en
Behavioral task
behavioral20
Sample
grhsghsGHswgh/M8xUNW42QxTLMRXN.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
grhsghsGHswgh/Q5EUCWHU7pMYBfT3.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
grhsghsGHswgh/Q5EUCWHU7pMYBfT3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
grhsghsGHswgh/UMRsPGc4u9tycx9r.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
grhsghsGHswgh/UMRsPGc4u9tycx9r.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
grhsghsGHswgh/UU4Ddwqm5zcuLzGR.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
grhsghsGHswgh/UU4Ddwqm5zcuLzGR.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
grhsghsGHswgh/XJEzW6M7WvHaF3EX.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
grhsghsGHswgh/XJEzW6M7WvHaF3EX.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
grhsghsGHswgh/Y2JYGshMHJGuGREA.exe
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
grhsghsGHswgh/Y2JYGshMHJGuGREA.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
grhsghsGHswgh/Yvdp8t5knpQz7sFB.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
grhsghsGHswgh/3JynzWc6LxNCT2y8.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/6aNn9vLJCQVfagSE.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/6vHkJ4UErTSS5ECD.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/Be5sCbvuma2nkHDa.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/DLKFnAGYJBNTnxwq.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/EtPLMpbCyFJpMJr7.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/Gu3PdXt79NF7EJXJ.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/JqLvG94UkYjhxAeg.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/LM3BR4UBmKBzBP5H.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/M8xUNW42QxTLMRXN.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/Q5EUCWHU7pMYBfT3.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/UMRsPGc4u9tycx9r.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/UU4Ddwqm5zcuLzGR.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/XJEzW6M7WvHaF3EX.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/Y2JYGshMHJGuGREA.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
grhsghsGHswgh/Yvdp8t5knpQz7sFB.exe
-
Size
2.0MB
-
MD5
a16a669a09bf158058b83e04e69fe38e
-
SHA1
f6c94763850d9e590d86057139e8895a7aacdeea
-
SHA256
cacc0261ccf7578ef5c1f9fdbe35705ad91070d020a4225e05cbf71a6103ac8e
-
SHA512
658b52ad1d27becee5b5bbd443d43da38b88d49880e72c8cb843f176a2d84d571b39c34dbc7cfb7ea56acc548acc5b68cce47a8bcf9d173feec031f7e33a09c6
-
SSDEEP
49152:rWVipAxqo5p88CbXuxWQiSJU320ZW21Q0YWAij64ane6szjmL/45:rxAEcp9ueXit9WAQ0YWuO
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-