xmrig | c02881973885f6ba6c9278eaa125bd79d80d36f9798cf4c86fe4956318e2cf6c

Analysis

max time kernel
1192s
max time network
1145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xmrig-6.21.1/start.cmd
Size

172B
MD5

5ceb4ce3e065fbf229f1cf8f1c4479e6
SHA1

f1b9ae7e6fdc78620951a0c24f0c37ace9d073b9
SHA256

ba0e79502ee78b1187e55bf4ad19be80fa971db90a7f218d504d23cec7166342
SHA512

ae2bdc313c5d07a572efdf61d3b2c15d452a4fe73ea78fd3a2e824b6d9ae939e576791228a2d891abe48396cb67f1002eb79ca6c4870f80cd95862ccaeb7b726

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2980-3-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-4-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-5-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-8-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-9-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-10-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-11-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-12-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-13-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-14-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-15-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-16-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-17-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-18-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-19-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-20-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-21-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-22-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-23-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-24-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-25-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-26-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-27-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-28-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-29-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-30-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-31-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-32-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-33-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-34-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-35-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-36-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-37-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-38-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-39-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-40-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-41-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-42-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-43-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-44-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-45-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-46-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-47-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-48-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-49-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-50-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-51-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-52-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-53-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-54-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-55-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-56-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-57-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-58-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-59-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-60-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-61-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-62-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-63-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-64-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-65-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-66-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig
behavioral1/memory/2980-67-0x000000013FC30000-0x0000000140734000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2980	xmrig.exe
Token: SeLockMemoryPrivilege	2980	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	xmrig.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2980	2940	cmd.exe	29
PID 2940 wrote to memory of 2980	2940	cmd.exe	29
PID 2940 wrote to memory of 2980	2940	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\start.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\xmrig.exe
  xmrig.exe -o gulf.moneroocean.stream:80 -u 46pyUVGiWpzLqjMsdWqFk7WEW4CcEukj9dyMXLN5KYExVNPMbDNpHc1bE7xpWcnQSjFFQYVZTXr7rNiNNrDCE5qYHTcqpcZ -a rx/0 -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000000001C30000-0x0000000001C50000-memory.dmp

Filesize
128KB

Download
memory/2980-2-0x00000000025A0000-0x00000000025C0000-memory.dmp

Filesize
128KB

Download
memory/2980-1-0x0000000002140000-0x0000000002160000-memory.dmp

Filesize
128KB

Download
memory/2980-3-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-4-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-5-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-6-0x0000000002140000-0x0000000002160000-memory.dmp

Filesize
128KB

Download
memory/2980-7-0x00000000025A0000-0x00000000025C0000-memory.dmp

Filesize
128KB

Download
memory/2980-8-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-9-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-10-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-11-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-12-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-13-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-14-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-15-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-16-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-17-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-18-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-19-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-20-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-21-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-22-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-23-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-24-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-25-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-26-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-27-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-28-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-29-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-30-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-31-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-32-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-33-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-34-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-35-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-36-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-37-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-38-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-39-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-40-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-41-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-42-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-43-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-44-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-45-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-46-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-47-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-48-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-49-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-50-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-51-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-52-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-53-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-54-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-55-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-56-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-57-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-58-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-59-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-60-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-61-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-62-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-63-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-64-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-65-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-66-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download
memory/2980-67-0x000000013FC30000-0x0000000140734000-memory.dmp

Filesize
11.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads