xmrig | 2b8d9b5450df507df1afd22d0205cdc0cdf6a351adcd06f94d072435f0648c86

Reason

Machine shutdown

General

Target

0bd537c7911d97b0dd6ff65e2b63719c_JaffaCakes118.exe
Size

1.7MB
MD5

0bd537c7911d97b0dd6ff65e2b63719c
SHA1

b0b4b0da023728e068d2664e43b267ec6898275f
SHA256

2b8d9b5450df507df1afd22d0205cdc0cdf6a351adcd06f94d072435f0648c86
SHA512

aa7967038825e38ff82af0fc6f7f972d6f011041d48a7dcb03ae46d6e54a5df3614df977da6390807d47b0082983da836287983b769d734465e59f64bd7774e2
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SGkMKN:NABQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/4620-631-0x00007FF700D20000-0x00007FF701112000-memory.dmp	xmrig
behavioral2/memory/4056-634-0x00007FF61D550000-0x00007FF61D942000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3644-0-0x00007FF6767C0000-0x00007FF676BB2000-memory.dmp	upx
behavioral2/files/0x000b000000023b84-5.dat	upx
behavioral2/files/0x000a000000023b89-7.dat	upx
behavioral2/files/0x000a000000023b88-22.dat	upx
behavioral2/files/0x000a000000023b89-19.dat	upx
behavioral2/files/0x000a000000023b8f-38.dat	upx
behavioral2/files/0x000a000000023b8c-87.dat	upx
behavioral2/files/0x000a000000023b92-121.dat	upx
behavioral2/memory/2324-396-0x00007FF6385B0000-0x00007FF6389A2000-memory.dmp	upx
behavioral2/memory/2080-516-0x00007FF606DF0000-0x00007FF6071E2000-memory.dmp	upx
behavioral2/memory/4944-617-0x00007FF7945D0000-0x00007FF7949C2000-memory.dmp	upx
behavioral2/memory/4620-631-0x00007FF700D20000-0x00007FF701112000-memory.dmp	upx
behavioral2/memory/4056-634-0x00007FF61D550000-0x00007FF61D942000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\0bd537c7911d97b0dd6ff65e2b63719c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0bd537c7911d97b0dd6ff65e2b63719c_JaffaCakes118.exe"
1⤵
PID:3644
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:876
- C:\Windows\System\NOwglCW.exe
  C:\Windows\System\NOwglCW.exe
  2⤵
  PID:3392
- C:\Windows\System\xQBemtf.exe
  C:\Windows\System\xQBemtf.exe
  2⤵
  PID:4844
- C:\Windows\System\IeSnTtQ.exe
  C:\Windows\System\IeSnTtQ.exe
  2⤵
  PID:2528
- C:\Windows\System\lpUxUWA.exe
  C:\Windows\System\lpUxUWA.exe
  2⤵
  PID:3612
- C:\Windows\System\RrnKLBC.exe
  C:\Windows\System\RrnKLBC.exe
  2⤵
  PID:3988
- C:\Windows\System\cLvQdAZ.exe
  C:\Windows\System\cLvQdAZ.exe
  2⤵
  PID:5088
- C:\Windows\System\YqXfxRB.exe
  C:\Windows\System\YqXfxRB.exe
  2⤵
  PID:4088
- C:\Windows\System\OAbRUpw.exe
  C:\Windows\System\OAbRUpw.exe
  2⤵
  PID:4948
- C:\Windows\System\RtjPmha.exe
  C:\Windows\System\RtjPmha.exe
  2⤵
  PID:4244
- C:\Windows\System\lVroRNL.exe
  C:\Windows\System\lVroRNL.exe
  2⤵
  PID:3268
- C:\Windows\System\eorwjcd.exe
  C:\Windows\System\eorwjcd.exe
  2⤵
  PID:6372
- C:\Windows\System\DpoApZb.exe
  C:\Windows\System\DpoApZb.exe
  2⤵
  PID:6388
- C:\Windows\System\NzAMKxA.exe
  C:\Windows\System\NzAMKxA.exe
  2⤵
  PID:10400
- C:\Windows\System\OyMZmow.exe
  C:\Windows\System\OyMZmow.exe
  2⤵
  PID:6844
- C:\Windows\System\SpOkwAG.exe
  C:\Windows\System\SpOkwAG.exe
  2⤵
  PID:12004
- C:\Windows\System\vOfpVWc.exe
  C:\Windows\System\vOfpVWc.exe
  2⤵
  PID:11080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\IeSnTtQ.exe

Filesize
1.6MB

MD5
d016dc70f975824ff40fe79e3d9f580e

SHA1
51ec8ffb24f18cbfb9aa32a6dc1ff402977b18b4

SHA256
d32a6c895e8b3db24b3a4bd40149329f9d167c9ff2b99d31c2b3086c87fa7a63

SHA512
b40b3189f85048c1e6dd3eda3207dd2a38fb8c7fe87e3eac1667ee61656785694ba4141e8242b20743ddc2b12b8f8417a01aee07f77fa8561b9babac3f7c6a3c

Download Submit
C:\Windows\System\IeSnTtQ.exe

Filesize
1.7MB

MD5
1bae3375629c9f2eef05071b4bd26274

SHA1
d8fedc5af43337db0861fb103c2f85eac598dbdb

SHA256
9eec0fa26f543a0827e87b498769303f5936021e6ca7a65a708a685c2c175f68

SHA512
4891ad03464f8fb55b19b5cf2402bbe58479e5c4bc1cff1d04df5f9ae2c262c425b6b27cdce363c5560665f57563f40aa6e5908f4dba0e6dc8e2e47f4821f029

Download Submit
C:\Windows\System\NOwglCW.exe

Filesize
1.7MB

MD5
652c3d3150b4439dadabfa691a1e5abd

SHA1
686c0aac8b6dc1a06151299c6c91b5e750911ae8

SHA256
f57b0c4fed67506cde148c99b67dbf5351b8d8efc4bfa4d5f6dbc3e4d9ab4736

SHA512
9bd981586b3b53ca8117aca9cd4a98d1168a72fa9414690cc7b7c3526e922b7828ec62159cdf5d2f7600df90480a8e183f9e2331c01865380868ddf54b83a5fe

Download Submit
C:\Windows\System\cLvQdAZ.exe

Filesize
1.3MB

MD5
31c75fbf39029af4db57ee49a9ac044e

SHA1
d72a131bb7733c41d80f285363b565d10d954288

SHA256
49c270ba942fa5a9427a00f19b77e8009906575d9f9d57c58f8421a1eb7165ef

SHA512
9b2aba7def8c756a451ec658c49b3799d70aaeb4b1318fffa39f3a21b4263088291ee8a00763c45f0f552a2ced69cf0a45243ae54df03ca33832e965dd9584f9

Download Submit
C:\Windows\System\fXzLHEe.exe

Filesize
1.4MB

MD5
61a0c0aa01b0f6af193d101dc8566826

SHA1
fe45478a4aac2935e7a0e2062b88d8ee4c786314

SHA256
8f016dacc408a5bf3cb0c8ef4867c6d3a35c96026913d795a9763ef7d73b9a1a

SHA512
f1ac2322e97d37d629ed3bed11683a39278048a9d8cdb0d2fccf3684cd7d62e05f9861d5c8fee824783f14b52dc16f0f9ca4c5ac8dfe6ae7f697a8fa0332bf61

Download Submit
C:\Windows\System\qCwdZpn.exe

Filesize
1.2MB

MD5
2015d4268b39edb144b028bf0fe1c804

SHA1
c228588f484ea275819a4d573f979e842e15bfcb

SHA256
06e674896127b6ac6d09f6443b9f58355c265fc8ee05952d1dd6efef96ba0d95

SHA512
85b65ea420a4a8c47c19a6251678020c1302823789ad53c5b04131a1180895aa53daed65fbd02eb76c987f255b6a0d03d2b0aabd4565e1e8869f3ba3c069a342

Download Submit
C:\Windows\System\xQBemtf.exe

Filesize
1.7MB

MD5
b3a67d070af8404fed101cbd1f21c865

SHA1
d57cad581edaa1900f84fb6ecd14f6be64978ae5

SHA256
5bd4859ddc5f86699ab4fd590082801f80106d1e9064914e2d1400ea1b265287

SHA512
8c7a99050ab6850272d7748db365e75e5ba47bb6bfd33043edb5ec0344e757d2706432eb1ee2b8a2cb778435c826335d67a78f654583bcb45a2665f7dbfaec16

Download Submit
memory/2080-516-0x00007FF606DF0000-0x00007FF6071E2000-memory.dmp

Filesize
3.9MB

Download
memory/2324-396-0x00007FF6385B0000-0x00007FF6389A2000-memory.dmp

Filesize
3.9MB

Download
memory/3644-0-0x00007FF6767C0000-0x00007FF676BB2000-memory.dmp

Filesize
3.9MB

Download
memory/3644-1-0x00000249C8F20000-0x00000249C8F30000-memory.dmp

Filesize
64KB

Download
memory/4056-634-0x00007FF61D550000-0x00007FF61D942000-memory.dmp

Filesize
3.9MB

Download
memory/4620-631-0x00007FF700D20000-0x00007FF701112000-memory.dmp

Filesize
3.9MB

Download
memory/4944-617-0x00007FF7945D0000-0x00007FF7949C2000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads