xmrig | c02881973885f6ba6c9278eaa125bd79d80d36f9798cf4c86fe4956318e2cf6c

Analysis

max time kernel
1191s
max time network
1191s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xmrig-6.21.1/start.cmd
Size

172B
MD5

5ceb4ce3e065fbf229f1cf8f1c4479e6
SHA1

f1b9ae7e6fdc78620951a0c24f0c37ace9d073b9
SHA256

ba0e79502ee78b1187e55bf4ad19be80fa971db90a7f218d504d23cec7166342
SHA512

ae2bdc313c5d07a572efdf61d3b2c15d452a4fe73ea78fd3a2e824b6d9ae939e576791228a2d891abe48396cb67f1002eb79ca6c4870f80cd95862ccaeb7b726

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2768-2-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-5-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-6-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-7-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-10-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-11-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-12-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-13-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-14-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-15-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-16-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-17-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-18-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-19-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-20-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-21-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-22-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-23-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-24-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-25-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-26-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-27-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-28-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-29-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-30-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-31-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-32-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-33-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-34-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-35-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-36-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-37-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-38-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-39-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-40-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-41-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-42-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-43-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-44-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-45-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-46-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-47-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-48-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-49-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-50-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-51-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-52-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-53-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-54-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-55-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-56-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-57-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-58-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-59-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-60-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-61-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-62-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-63-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-64-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-65-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-66-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-67-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig
behavioral1/memory/2768-68-0x00007FF734D00000-0x00007FF735804000-memory.dmp	xmrig

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
644	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2768	xmrig.exe
Token: SeLockMemoryPrivilege	2768	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2768	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2768	216	cmd.exe	85
PID 216 wrote to memory of 2768	216	cmd.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\start.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\xmrig.exe
  xmrig.exe -o gulf.moneroocean.stream:80 -u 46pyUVGiWpzLqjMsdWqFk7WEW4CcEukj9dyMXLN5KYExVNPMbDNpHc1bE7xpWcnQSjFFQYVZTXr7rNiNNrDCE5qYHTcqpcZ -a rx/0 -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2768-0-0x000002217D180000-0x000002217D1A0000-memory.dmp

Filesize
128KB

Download
memory/2768-1-0x000002217E980000-0x000002217E9C0000-memory.dmp

Filesize
256KB

Download
memory/2768-2-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-3-0x000002217E9C0000-0x000002217E9E0000-memory.dmp

Filesize
128KB

Download
memory/2768-4-0x0000022211040000-0x0000022211060000-memory.dmp

Filesize
128KB

Download
memory/2768-5-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-6-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-7-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-8-0x000002217E9C0000-0x000002217E9E0000-memory.dmp

Filesize
128KB

Download
memory/2768-9-0x0000022211040000-0x0000022211060000-memory.dmp

Filesize
128KB

Download
memory/2768-10-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-11-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-12-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-13-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-14-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-15-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-16-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-17-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-18-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-19-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-20-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-21-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-22-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-23-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-24-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-25-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-26-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-27-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-28-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-29-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-30-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-31-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-32-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-33-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-34-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-35-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-36-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-37-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-38-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-39-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-40-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-41-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-42-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-43-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-44-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-45-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-46-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-47-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-48-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-49-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-50-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-51-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-52-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-53-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-54-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-55-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-56-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-57-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-58-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-59-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-60-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-61-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-62-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-63-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-64-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-65-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-66-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-67-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download
memory/2768-68-0x00007FF734D00000-0x00007FF735804000-memory.dmp

Filesize
11.0MB

Download