Overview

overview

10

Static

static

10

3c7b11a7b7...18.exe

windows7-x64

10

3c7b11a7b7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c7b11a7b7f4549d9bc7624290e2844c_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240513-zew3aach5x

  • MD5

    3c7b11a7b7f4549d9bc7624290e2844c

  • SHA1

    96d88e73bdbf0bf63a3c6ccba116ee487f3560ff

  • SHA256

    b1e13a4686e82a5bf9f9a4746e9f0b9e551d68f7c73ade85634062c1ba7ad1fe

  • SHA512

    026b115b138715a6e124ef90482e2955165ae69e375703ae86f5c4981380c0b4f1e3f67d4079b11ae1268a1a4b0d162cf60c6e8bad273b68d238ee39f529839d

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrT:NABK

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      3c7b11a7b7f4549d9bc7624290e2844c_JaffaCakes118

    • Size

      2.3MB

    • MD5

      3c7b11a7b7f4549d9bc7624290e2844c

    • SHA1

      96d88e73bdbf0bf63a3c6ccba116ee487f3560ff

    • SHA256

      b1e13a4686e82a5bf9f9a4746e9f0b9e551d68f7c73ade85634062c1ba7ad1fe

    • SHA512

      026b115b138715a6e124ef90482e2955165ae69e375703ae86f5c4981380c0b4f1e3f67d4079b11ae1268a1a4b0d162cf60c6e8bad273b68d238ee39f529839d

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrT:NABK

    Score
    10/10
    xmrigexecutionminerupx

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks