xmrig | e7174d627759ea1e9f78b0163db3a1b906af6b45f9f33d2553aefc9d635810b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Krnl.exe

windows10-2004-x64

Sharing

General

Target

Krnl.exe
Size

5.1MB
Sample

240427-m8c52shc22
MD5

33020b2065b1ceb12e7ffcd7c34a9a72
SHA1

65842d5ed43a4075b39efba435293cf5c63f95eb
SHA256

e7174d627759ea1e9f78b0163db3a1b906af6b45f9f33d2553aefc9d635810b4
SHA512

ad9d2a2d98308d6b35e9cf8a1783463aa999521e3d0e8907accbe4ca70c5d427ff9aae5288e527bf2624db94d0f37e5156596857f3b88a239497871566ef99e4
SSDEEP

98304:I45WFQt0Zx+CghgZCEiDWJbmuM7UHzq2yjYS8gkBeJQLMWmLlFJN70tfmZBRAfkV:3AFbHTiDGbmu9nS89LMX5FzWODfPpH

Score

10^/10

xmrig evasion miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Krnl.exe

Resource

win10v2004-20240426-en

xmrig evasion miner persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Krnl.exe
- Size
  
  5.1MB
- MD5
  
  33020b2065b1ceb12e7ffcd7c34a9a72
- SHA1
  
  65842d5ed43a4075b39efba435293cf5c63f95eb
- SHA256
  
  e7174d627759ea1e9f78b0163db3a1b906af6b45f9f33d2553aefc9d635810b4
- SHA512
  
  ad9d2a2d98308d6b35e9cf8a1783463aa999521e3d0e8907accbe4ca70c5d427ff9aae5288e527bf2624db94d0f37e5156596857f3b88a239497871566ef99e4
- SSDEEP
  
  98304:I45WFQt0Zx+CghgZCEiDWJbmuM7UHzq2yjYS8gkBeJQLMWmLlFJN70tfmZBRAfkV:3AFbHTiDGbmu9nS89LMX5FzWODfPpH
Score

10^/10

xmrig evasion miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigevasionminerpersistenceupx

© 2018-2024

Terms | Privacy