General
Target: Krnl.exe
Size: 5.1MB
Sample: 240427-m8c52shc22
MD5: 33020b2065b1ceb12e7ffcd7c34a9a72
SHA1: 65842d5ed43a4075b39efba435293cf5c63f95eb
SHA256: e7174d627759ea1e9f78b0163db3a1b906af6b45f9f33d2553aefc9d635810b4
SHA512: ad9d2a2d98308d6b35e9cf8a1783463aa999521e3d0e8907accbe4ca70c5d427ff9aae5288e527bf2624db94d0f37e5156596857f3b88a239497871566ef99e4
SSDEEP: 98304:I45WFQt0Zx+CghgZCEiDWJbmuM7UHzq2yjYS8gkBeJQLMWmLlFJN70tfmZBRAfkV:3AFbHTiDGbmu9nS89LMX5FzWODfPpH
Static task: static1
Behavioral task: behavioral1
Sample: Krnl.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: Krnl.exe
Size: 5.1MB
Score: 10/10
- XMRig Miner payload
- Creates new service(s)
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext