Overview

overview

10

Static

static

3

payload.exe

windows7-x64

10

payload.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    payload.exe

  • Size

    34.8MB

  • MD5

    597f03a711f5505132cbb5229b224f61

  • SHA1

    799c6b9e0087a5404531ecba2d44532e2adba133

  • SHA256

    1663eddd17ee18c998b246d49f2ceb14e9f561d831f43c6ef9d1718e81ccb4e3

  • SHA512

    f3c226611a9a0859c9080dfb146e4a9183a1012c82b4a3dba019a285f645c18422049f9e8d51a4cfbad4eeaf09da400994ab42cdffc450143e4432b95d01952e

  • SSDEEP

    49152:8XGy32rb/TcvO90dL3BmAFd4A64nsfJZpgul1jPFUbnD18urCkFCOaESeA:8z3Cb5lkAlES

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 22 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\payload.exe
    "C:\Users\Admin\AppData\Local\Temp\payload.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -c "cd xmrig-6.18.0-gcc-win64 ; .\xmrig.exe -c ..\config.json -B"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe
        "C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe" -c ..\config.json -B
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\config.json
    Filesize

    3KB

    MD5

    cd05088e8515dfd3c6f2fca659e5ae12

    SHA1

    dd1527f8c1c231cd94e63c4a7f234e3b6550bdd6

    SHA256

    00da826d8693c7865e33f48cf356d257fd8df3016c172b42654c4b67da84ea10

    SHA512

    8ff7acfdcbecbaaf0fc90cfc0694b4dddf866ed1fda795fa8d9e6ad7ca3adc3741307c12719c0894e145862b299e7fa899b719b04309ef301ba566e64183e487

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe
    Filesize

    7.8MB

    MD5

    87beedbe66a91619f1a4186ef85e052e

    SHA1

    9f9b24022d0ad059fd24a2b9c94cdac87a399184

    SHA256

    d1ea28dee35382c510a49e4304ed7cead25bcee5cc869c73c9c53f333139e060

    SHA512

    f91a4d29d55b990c568eabc51e685f054f6d2a5fc42bf0f8371c435f521c752c9dc582ec0a52d98a03253bc6b09d26feb0a9bd2b95dec55403ab73374b9e4cb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe
    Filesize

    1.1MB

    MD5

    b6fc030059c68b8a25eec4bd957b2f67

    SHA1

    fb0bae3e9387be61ac3c90f60e88885db45975a7

    SHA256

    c79424f35022f832a90ddb867bb1183be78cfb5db4c535297446c3bcefa3b433

    SHA512

    da7c03d84e7e12e552a48d2b0f5328a8f720e237fae8a09f64547d8ad88209836a5df41599e8af732367459988579624e6d036b7a74aa3f29c38ab6dda8fa1c1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe
    Filesize

    640KB

    MD5

    4f525cc0a6597eaf75ac544d53667499

    SHA1

    1861a87f002dec308061f99c91d5d0343a9b35c1

    SHA256

    73ae0762eb4d6cc8faf72e02f804f5d29a5e7f940925cdf99cd8de1e318ea9d7

    SHA512

    0dc89b52a47834b2e5436ee3f6425f5dd736ec1bea23948d1184a6125d82a0c6ce7bdc643c24b6ee30785213a0d2e7b76627a163894cde53f19749a8ddbebc73

    Download Submit

  • \Users\Admin\AppData\Local\Temp\xmrig-6.18.0-gcc-win64\xmrig.exe
    Filesize

    1.3MB

    MD5

    b254b0c888e8d9cbaf0e87ce8e798489

    SHA1

    bac8c426ec5fe221c03d5a8677335d484bfc6abe

    SHA256

    94941445f8a5385b2d14dedabd6dd7df5f9b76e11d6121c46e8ac8bd05657a4e

    SHA512

    31124db3e93c88ef83acb2b4eed146e26d5c301dcd60f11694a7318469c6bd71fd3fc3bb9b01b93e64f635d274ba695d740eb12d40dbd69fc92a0a058e2c109d

    Download Submit

  • memory/2488-24-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-26-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-13-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-14-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-11-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-10-0x0000000002290000-0x0000000002298000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2488-9-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-12-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2488-8-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2488-28-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2488-23-0x000007FEF5740000-0x000007FEF60DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2488-7-0x000000001B400000-0x000000001B6E2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2488-25-0x0000000002790000-0x0000000002810000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2528-20-0x00000000002F0000-0x0000000000310000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2528-34-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-22-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-30-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-31-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-32-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-33-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-27-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-35-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-36-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-37-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-38-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-39-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-40-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2528-41-0x000000013FAF0000-0x00000001405ED000-memory.dmp

    Filesize

    11.0MB

    Download