Overview

overview

10

Static

static

3

7b84a9dde5...ad.exe

windows7-x64

10

7b84a9dde5...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b84a9dde57ecaed21008d7c94f547c2691569f32fe96858207ebf8fe65acaad.exe

  • Size

    2.0MB

  • MD5

    c9f5836878d8edbaa9eb864f5195a5c3

  • SHA1

    f2703ce36fdc714258221f9e1cf7b9b2c8d33898

  • SHA256

    7b84a9dde57ecaed21008d7c94f547c2691569f32fe96858207ebf8fe65acaad

  • SHA512

    00dd50d63017c87b7f828d57524d0d91ab60b5f0c864a26142e161cfef9ccfd6a3a2099bb9b3d39a382fbb345c2075d3f6277d4f825c85dd56f23b31b290a1c7

  • SSDEEP

    49152:yTxbkIPtWc7c5stBUrHHC4cxyt50WwI3blLRb5Cherbi:g5kIAc7ksturCVK3bNRb5Chmi

Score
10/10
xmrigminerpersistence

Malware Config

Signatures

  • XMRig Miner payload 6 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b84a9dde57ecaed21008d7c94f547c2691569f32fe96858207ebf8fe65acaad.exe
    "C:\Users\Admin\AppData\Local\Temp\7b84a9dde57ecaed21008d7c94f547c2691569f32fe96858207ebf8fe65acaad.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\Documents\sin.dat
      C:\Users\Admin\Documents\/sin.dat
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\config.json
    Filesize

    3KB

    MD5

    9547529a20cd5d10872657bd1171ac5b

    SHA1

    869e47f6c8023ae14d92247fcd6f93a3e48f719f

    SHA256

    ffa3750f71d9504ce2c67285e2e1e588828edf37cd12b7cd57d76db26d91f60b

    SHA512

    8afb99f3fcc5d54ef8b6dc265f18fe1be3c05910953c13a94fbdfe3c33a4b179628452b7351576c49d98c4dcb73c1ffedf19215b115d8361ed095aa4267bd1c7

    Download Submit
  • C:\Users\Admin\Documents\sin.dat
    Filesize

    4.6MB

    MD5

    789de0121b251973bef2b1aba16cf9b7

    SHA1

    5846176613706256e331822490b2628f8f54fa1c

    SHA256

    7ecb89e0b9925531d3e3c7eb22868d0f64bfbedc159a152de0d9794fb3ab418c

    SHA512

    353b7fa60531f93f884ff4e831b56a3b362a0b83668a586b4a6ec63162be2f1d314afabaedf8b838729cf3e140274c5dfd29ff1da83b9fd38f8d8c1a816cfab0

    Download Submit
  • \Users\Admin\Documents\sin.dat
    Filesize

    3.9MB

    MD5

    7d801ba104d572522cbf2115caa1d68a

    SHA1

    1dc43678cfb9ee61b45de87d2b9781ebbfaaf906

    SHA256

    93658202919c01e2ec5750bf6a5cd02bea99bf509588a2ba9aeffc09910cecfa

    SHA512

    952042ede787b5c097a05ded6f0f91c88077253b628e6c1a3ccf0604eaedac920c09b36fb818b7cac9377eb60bb8bfab0015e494f6de7d5f1f5821225c25f46d

    Download Submit
  • memory/2408-13-0x0000000000400000-0x0000000000420000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2408-15-0x0000000002950000-0x0000000002954000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2408-16-0x0000000002960000-0x0000000002964000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2408-19-0x0000000002950000-0x0000000002954000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2408-20-0x0000000003B10000-0x0000000003B14000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2408-21-0x0000000003B00000-0x0000000003B04000-memory.dmp
    Filesize

    16KB

    Download
  • memory/2516-2-0x0000000000400000-0x0000000000C43000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/2516-1-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2516-0-0x0000000000400000-0x0000000000C43000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/2516-17-0x0000000000400000-0x0000000000C43000-memory.dmp
    Filesize

    8.3MB

    Download
  • memory/2516-18-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

    Download