Malware Analysis Report

2025-01-06 15:47

Sample ID: 240525-rzjcxsgd36
Target: miner 2.55555.rar
SHA256: f5bd0ebcfc01b3431f67795b918ea0220ec4204530a959b2c161afecf61b74aa
Tags: miner, xmrig
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral12, behavioral8, behavioral11, behavioral14, behavioral17, behavioral20, behavioral25, behavioral31, behavioral7, behavioral13, behavioral4, behavioral28, behavioral1, behavioral9, behavioral10, behavioral18, behavioral19, behavioral22, behavioral23, behavioral27, behavioral5, behavioral15, behavioral24, behavioral29, behavioral32, behavioral2, behavioral6, behavioral16, behavioral21, behavioral26, behavioral30, behavioral3 (each: Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10
SHA256: f5bd0ebcfc01b3431f67795b918ea0220ec4204530a959b2c161afecf61b74aa
Threat Level: Known bad

The file miner 2.55555.rar was found to be: Known bad. The archive unpacks to an xmrig-6.21.3 directory containing xmrig.exe and a set of "pool_mine_example - Copy (n).cmd" batch files; each behavioral run below detonates one of those batch files, and every run shown launches the bundled xmrig.exe against the same pool (xmr.2miners.com:2222) with the same Monero wallet address.

Malicious Activity Summary

Tags: miner, xmrig

XMRig Miner payload
Xmrig family
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-25 14:37

Signatures

XMRig Miner payload (tag: miner)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Xmrig family (tag: xmrig)

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
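The "Unsigned PE" finding is a static check: the PE's certificate table (data directory entry IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, so there is no Authenticode blob to verify. The Python below is an added example, not part of the sandbox report and not anything from the XMRig project, that performs the same check from raw header fields alone. It does not parse the real xmrig.exe; the stub PE32+ header it builds is constructed purely to exercise the function. Keep the caveat in mind when reading the finding: the presence of a blob says nothing about whether the signature chains to a trusted root (that needs signtool verify or Get-AuthenticodeSignature), and many open-source tools ship unsigned, so "unsigned" is context rather than a verdict.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # index of the certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # bCertificateType used by Authenticode
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def has_authenticode_blob(data: bytes) -> bool:
    """Return True if the PE carries a WIN_CERTIFICATE (Authenticode) blob.

    Walks DOS header -> PE signature -> COFF header -> optional header ->
    data directories. The Security directory is special: its first field is a
    raw file offset, not an RVA, because the blob lives outside any section.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt = coff + 20                                  # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dirs_off = opt + 96                          # NumberOfRvaAndSizes sits at +92
    elif magic == PE32PLUS_MAGIC:
        dirs_off = opt + 112                         # NumberOfRvaAndSizes sits at +108
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False                                 # directory table too short: no cert entry
    offset, size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if offset == 0 or size < 8 or offset + size > len(data):
        return False                                 # empty or truncated entry: unsigned
    cert_len, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return cert_len >= 8 and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def build_stub_pe(signed: bool) -> bytes:
    """Constructed, non-runnable PE32+ header used only to exercise the check."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    n_dirs = 16
    # Machine=x64, 0 sections, zero timestamp/symbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 112 + 8 * n_dirs, 0x0022)
    optional = struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * 106 + struct.pack("<I", n_dirs)
    header_len = len(dos) + 4 + len(coff) + len(optional) + 8 * n_dirs
    dirs = [(0, 0)] * n_dirs
    blob = b""
    if signed:
        # WIN_CERTIFICATE header (dwLength, wRevision=0x0200, wCertificateType) + dummy body
        body = b"\0" * 4
        blob = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_len, len(blob))
    dir_table = b"".join(struct.pack("<II", off, sz) for off, sz in dirs)
    return dos + b"PE\0\0" + coff + optional + dir_table + blob


if __name__ == "__main__":
    for label, signed in (("signed stub", True), ("unsigned stub", False)):
        print(f"{label}: has_authenticode_blob={has_authenticode_blob(build_stub_pe(signed))}")
```

To run it against a real file, pass `open(path, "rb").read()` to `has_authenticode_blob`; a True result only tells you a PKCS#7 blob is attached, so follow up with a chain verification before treating the binary as trusted.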

Analysis: behavioral12

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win10v2004-20240508-en
Max time kernel: 1190s
Max time network: 1196s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
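The AdjustPrivilegeToken signature records xmrig.exe enabling SeLockMemoryPrivilege, the "Lock pages in memory" right it needs to allocate large pages for its RandomX working set. By default no account holds that right, so the call may fail and the miner simply runs without huge pages; the signature records the attempt, not success. On a production host, where the right is held, the same behaviour surfaces as Security event 4703 ("A user right was adjusted") once the "Audit Token Right Adjusted" subcategory is enabled. The Python below is an added example, not part of the sandbox report, that scans 4703 events rendered as XML and flags SeLockMemoryPrivilege being enabled by a process outside an allow-list. The events are constructed here in the 4703 EventData field layout (they are not captured logs), the PIDs are made up, and the SQL Server allow-list entry is an assumption you tune to your own estate, since database engines are the usual legitimate users of this right.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = {"SeLockMemoryPrivilege"}
# Assumption: processes that legitimately enable large pages on your hosts.
ALLOWED_PROCESSES = {
    r"c:\program files\microsoft sql server\mssql16.mssqlserver\mssql\binn\sqlservr.exe",
}


@dataclass
class TokenAdjust:
    record_id: int
    process: str
    pid: int
    enabled: frozenset[str]


def parse_4703(xml_text: str) -> TokenAdjust | None:
    """Parse one Security 4703 event rendered as XML; None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4703":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    pid_text = data.get("ProcessId", "0x0")
    return TokenAdjust(
        record_id=int(root.findtext("e:System/e:EventRecordID", namespaces=NS)),
        process=data.get("ProcessName", ""),
        pid=int(pid_text, 16) if pid_text.lower().startswith("0x") else int(pid_text),
        # EnabledPrivilegeList holds one privilege per line; split on any whitespace
        enabled=frozenset(data.get("EnabledPrivilegeList", "").split()),
    )


def suspicious_lock_memory(events: list[str]) -> list[TokenAdjust]:
    """Return 4703 events where a non-allow-listed process enabled a watched privilege."""
    hits = []
    for xml_text in events:
        ev = parse_4703(xml_text)
        if ev is None or not (ev.enabled & WATCHED):
            continue
        if ev.process.lower() in ALLOWED_PROCESSES:
            continue
        hits.append(ev)
    return hits


def _event(record_id: int, event_id: int, process: str, pid: int, enabled: str) -> str:
    """Constructed sample event in the 4703 EventData layout (not a captured log)."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{event_id}</EventID><EventRecordID>{record_id}</EventRecordID></System>
  <EventData>
    <Data Name="SubjectUserName">Admin</Data>
    <Data Name="ProcessName">{process}</Data>
    <Data Name="ProcessId">{pid:#x}</Data>
    <Data Name="EnabledPrivilegeList">{enabled}</Data>
    <Data Name="DisabledPrivilegeList">-</Data>
  </EventData>
</Event>"""


SAMPLE_EVENTS = [
    # the miner path from this report; PID is made up
    _event(101, 4703, r"C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe", 1624, "SeLockMemoryPrivilege"),
    # allow-listed legitimate large-page user
    _event(102, 4703, r"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe", 4100, "SeLockMemoryPrivilege"),
    # unrelated privileges: ignored
    _event(103, 4703, r"C:\Windows\System32\svchost.exe", 900, "SeBackupPrivilege\n\t\t\tSeRestorePrivilege"),
    # different event ID: ignored even though the privilege name matches
    _event(104, 4672, r"C:\Windows\System32\lsass.exe", 700, "SeLockMemoryPrivilege"),
]

if __name__ == "__main__":
    for hit in suspicious_lock_memory(SAMPLE_EVENTS):
        print(f"record {hit.record_id}: pid {hit.pid} {hit.process} enabled {sorted(hit.enabled)}")
```

Treat this as a supporting signal: a miner that never obtains the right still mines, so the command line and pool traffic in the sections below remain the primary detections.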

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x
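The command line above carries the three facts a responder needs: the Stratum pool (-o host:port), the payout wallet (-u) and the pool password (-p, "x" is the conventional placeholder). The wallet is the most durable indicator, because the operator must keep it to get paid even after renaming the binary or moving the pool. The Python below is an added example, not part of the sandbox report and not XMRig project code, that parses XMRig-style command lines into those fields, validates the user field as a Monero address (a 95-character base58 string starting with 4 or 8), and turns that into a detection predicate. It handles the long --url=/--user=/--pass= forms, stratum+tcp:// and stratum+ssl:// prefixes and the wallet.worker convention as well; the renamed-binary and curl samples are constructed to show a positive and a negative case beyond the report's own line. Note the caveat: XMRig can take all of these settings from a config.json instead, in which case the command line is empty and you have to fall back on the file, the SeLockMemoryPrivilege request or the pool traffic.

```python
from __future__ import annotations
import re
import shlex
from dataclasses import dataclass, field

# XMRig's short/long option names for the fields worth extracting.
_FLAGS = {
    "-o": "pool", "--url": "pool",
    "-u": "wallet", "--user": "wallet",
    "-p": "password", "--pass": "password",
}
# Standard Monero address: 4 (or 8 for a subaddress) followed by 94 base58 characters.
_XMR_ADDRESS = re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$")


@dataclass
class MinerInvocation:
    image: str
    pool_host: str | None = None
    pool_port: int | None = None
    wallet: str | None = None
    worker: str | None = None
    password: str | None = None
    other_args: list[str] = field(default_factory=list)

    @property
    def wallet_is_monero(self) -> bool:
        return bool(self.wallet and _XMR_ADDRESS.match(self.wallet))


def _assign(inv: MinerInvocation, what: str, value: str) -> None:
    if what == "pool":
        value = re.sub(r"^stratum\+(tcp|ssl)://", "", value)
        host, _, port = value.rpartition(":")
        if host and port.isdigit():
            inv.pool_host, inv.pool_port = host, int(port)
        else:
            inv.pool_host = value
    elif what == "wallet":
        inv.wallet, _, worker = value.partition(".")   # "wallet.worker" convention
        inv.worker = worker or None
    else:
        inv.password = value


def parse_xmrig_cmdline(cmdline: str) -> MinerInvocation:
    """Split an XMRig-style command line into pool / wallet / password fields."""
    argv = shlex.split(cmdline, posix=False)   # non-POSIX keeps Windows backslashes intact
    inv = MinerInvocation(image=argv[0].strip('"'))
    i = 1
    while i < len(argv):
        key, value = argv[i], None
        if key.startswith("--") and "=" in key:
            key, value = key.split("=", 1)
        if key in _FLAGS:
            if value is None and i + 1 < len(argv):
                i += 1
                value = argv[i]
            _assign(inv, _FLAGS[key], value or "")
        else:
            inv.other_args.append(argv[i])
        i += 1
    return inv


def looks_like_miner(cmdline: str) -> bool:
    """Detection predicate: a pool argument plus a well-formed Monero address."""
    inv = parse_xmrig_cmdline(cmdline)
    return inv.pool_host is not None and inv.wallet_is_monero


# First line is the command line from the Processes section above; the rest are constructed.
SAMPLE_CMDLINES = [
    "xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x",
    # constructed: renamed binary, long options, TLS scheme, worker suffix
    r'"C:\ProgramData\svchost.exe" --url=stratum+ssl://pool.example.invalid:443 --user=435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k.rig01 --pass=x -k --tls',
    # constructed: a benign tool that also takes -o and -u must not match
    "curl.exe -o out.bin -u admin:pw https://intranet.example.invalid/report",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        inv = parse_xmrig_cmdline(line)
        print(f"{looks_like_miner(line)!s:5} pool={inv.pool_host}:{inv.pool_port} wallet={inv.wallet} worker={inv.worker}")
```

The address regex is a syntax check only; it confirms the shape of a Monero address, not that the address exists or belongs to a known campaign, so pair the wallet with the pool host as a two-field indicator when you publish it.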

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
NL | 23.62.61.97:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 213.80.50.20.in-addr.arpa | udp
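Sandbox network tables mix the sample's own connections with the guest's background traffic. In this run only two rows are attributable to the miner: the DNS lookup of xmr.2miners.com and the TCP session to 162.19.139.184:2222, the pool's Stratum port. The in-addr.arpa PTR queries, the bing.com sessions and (in other runs below) the Edge utility processes talking to chromewebstore.googleapis.com and pki.goog are the Windows guest and its browser phoning home, and they appear whatever the sample does; the rows with an empty Domain column are connections the sandbox could not tie to a lookup and need a PTR or ASN check before they can be dismissed. The Python below is an added example, not part of the sandbox report, that parses rows in this table's layout and buckets them so the two miner rows stand out. The pool indicators are taken from this report; the background suffix list and the resolver address are assumptions for a typical sandbox guest, and the final blank-domain row is borrowed from the behavioral20 table to exercise the three-column case.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Pool indicators from the Processes and Network sections of this report.
MINER_POOLS = {"xmr.2miners.com"}
MINER_ENDPOINTS = {("162.19.139.184", 2222)}
# Assumption: suffixes typical of a Windows sandbox guest's own OS/browser traffic.
BACKGROUND_SUFFIXES = (".in-addr.arpa", ".bing.com", ".goog", ".googleapis.com")
RESOLVERS = {"8.8.8.8"}


@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str


def parse_rows(table: str) -> list[NetRow]:
    """Parse 'Country Destination [Domain] Proto' rows; the Domain column may be empty."""
    rows = []
    for line in table.strip().splitlines()[1:]:   # skip the header line
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, _, port = dest.rpartition(":")
        ipaddress.ip_address(ip)                   # validates the address; raises on garbage
        rows.append(NetRow(country, ip, int(port), domain, proto))
    return rows


def classify(row: NetRow) -> str:
    """Label a row: miner pool session, miner DNS, sandbox background, or unknown."""
    if (row.ip, row.port) in MINER_ENDPOINTS or (row.domain in MINER_POOLS and row.proto == "tcp"):
        return "miner-pool"
    if row.ip in RESOLVERS and row.port == 53:
        if row.domain in MINER_POOLS:
            return "miner-dns"
        if row.domain and row.domain.endswith(BACKGROUND_SUFFIXES):
            return "background-dns"
        return "unknown-dns"
    if row.domain and row.domain.endswith(BACKGROUND_SUFFIXES):
        return "background"
    return "unknown"                               # blank-domain rows land here for follow-up


def triage(table: str) -> dict[str, list[NetRow]]:
    buckets: dict[str, list[NetRow]] = {}
    for row in parse_rows(table):
        buckets.setdefault(classify(row), []).append(row)
    return buckets


# Rows copied from this run's table, plus one blank-domain row from the behavioral20 table.
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 13.107.246.64:443 tcp
"""

if __name__ == "__main__":
    for label, rows in triage(SAMPLE_TABLE).items():
        print(label)
        for r in rows:
            print(f"  {r.country} {r.ip}:{r.port} {r.domain or '-'} {r.proto}")
```

For blocking, the durable indicators are the pool hostname and the wallet; the pool IP can change without the operator touching the sample, so a network rule keyed only on 162.19.139.184 will age quickly.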

Files

memory/1624-0-0x000001CF7CDB0000-0x000001CF7CDD0000-memory.dmp

memory/1624-1-0x000001CF7E6E0000-0x000001CF7E700000-memory.dmp

memory/1624-3-0x000001CF7E720000-0x000001CF7E740000-memory.dmp

memory/1624-2-0x000001CF7E700000-0x000001CF7E720000-memory.dmp

memory/1624-4-0x000001CF7E700000-0x000001CF7E720000-memory.dmp

memory/1624-5-0x000001CF7E720000-0x000001CF7E740000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win10v2004-20240508-en
Max time kernel: 444s
Max time network: 1203s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 213.80.50.20.in-addr.arpa | udp

Files

memory/1964-0-0x000001DADC730000-0x000001DADC750000-memory.dmp

memory/1964-1-0x000001DADC870000-0x000001DADC890000-memory.dmp

memory/1964-3-0x000001DADC8D0000-0x000001DADC8F0000-memory.dmp

memory/1964-2-0x000001DADC8B0000-0x000001DADC8D0000-memory.dmp

memory/1964-4-0x000001DADC8B0000-0x000001DADC8D0000-memory.dmp

memory/1964-5-0x000001DADC8D0000-0x000001DADC8F0000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240508-en
Max time kernel: 842s
Max time network: 1199s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2116-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2116-2-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2116-1-0x00000000003D0000-0x00000000003F0000-memory.dmp

memory/2116-4-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2116-3-0x00000000003D0000-0x00000000003F0000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win10v2004-20240508-en
Max time kernel: 1005s
Max time network: 1208s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp

Files

memory/1236-0-0x000001F694BA0000-0x000001F694BC0000-memory.dmp

memory/1236-1-0x000001F6964D0000-0x000001F6964F0000-memory.dmp

memory/1236-2-0x000001F696500000-0x000001F696520000-memory.dmp

memory/1236-3-0x000001F696520000-0x000001F696540000-memory.dmp

memory/1236-4-0x000001F696500000-0x000001F696520000-memory.dmp

memory/1236-5-0x000001F696520000-0x000001F696540000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240508-en
Max time kernel: 841s
Max time network: 1191s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2376-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2376-1-0x0000000000490000-0x00000000004B0000-memory.dmp

memory/2376-2-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2376-3-0x0000000000490000-0x00000000004B0000-memory.dmp

memory/2376-4-0x0000000000500000-0x0000000000520000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win10v2004-20240226-en
Max time kernel: 1193s
Max time network: 1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3624 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
GB | 216.58.201.106:443 | chromewebstore.googleapis.com | tcp
US | 8.8.8.8:53 | pki.goog | udp
US | 8.8.8.8:53 | pki.goog | udp
US | 216.239.32.29:80 | pki.goog | tcp
US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp
US | 13.107.246.64:443 | N/A | tcp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp
NL | 52.142.223.178:80 | N/A | tcp
US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp

Files

memory/1460-0-0x00000254E8740000-0x00000254E8760000-memory.dmp

memory/1460-1-0x00000254EA260000-0x00000254EA280000-memory.dmp

memory/1460-2-0x00000254EA280000-0x00000254EA2A0000-memory.dmp

memory/1460-3-0x000002557C910000-0x000002557C930000-memory.dmp

memory/1460-4-0x00000254EA280000-0x00000254EA2A0000-memory.dmp

memory/1460-5-0x000002557C910000-0x000002557C930000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240508-en
Max time kernel: 842s
Max time network: 1199s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2200-0-0x0000000000170000-0x0000000000190000-memory.dmp

memory/2200-1-0x0000000000310000-0x0000000000330000-memory.dmp

memory/2200-2-0x0000000000440000-0x0000000000460000-memory.dmp

memory/2200-3-0x0000000000310000-0x0000000000330000-memory.dmp

memory/2200-4-0x0000000000440000-0x0000000000460000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240215-en
Max time kernel: 835s
Max time network: 1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/1868-0-0x0000000000200000-0x0000000000220000-memory.dmp

memory/1868-2-0x0000000002160000-0x0000000002180000-memory.dmp

memory/1868-1-0x0000000000490000-0x00000000004B0000-memory.dmp

memory/1868-4-0x0000000002160000-0x0000000002180000-memory.dmp

memory/1868-3-0x0000000000490000-0x00000000004B0000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win7-20240220-en
Max time kernel: 837s
Max time network: 1194s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2836-0-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2836-2-0x00000000021D0000-0x00000000021F0000-memory.dmp

memory/2836-1-0x00000000021B0000-0x00000000021D0000-memory.dmp

memory/2836-4-0x00000000021D0000-0x00000000021F0000-memory.dmp

memory/2836-3-0x00000000021B0000-0x00000000021D0000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240220-en
Max time kernel: 841s
Max time network: 1198s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2248-0-0x0000000001BC0000-0x0000000001BE0000-memory.dmp

memory/2248-2-0x00000000024D0000-0x00000000024F0000-memory.dmp

memory/2248-1-0x00000000024B0000-0x00000000024D0000-memory.dmp

memory/2248-4-0x00000000024D0000-0x00000000024F0000-memory.dmp

memory/2248-3-0x00000000024B0000-0x00000000024D0000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win10v2004-20240426-en
Max time kernel: 453s
Max time network: 1192s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 52.111.227.11:443 | N/A | tcp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.73.50.20.in-addr.arpa | udp

Files

memory/2576-0-0x000001DD10FA0000-0x000001DD10FC0000-memory.dmp

memory/2576-1-0x000001DD10FF0000-0x000001DD11010000-memory.dmp

memory/2576-3-0x000001DD11030000-0x000001DD11050000-memory.dmp

memory/2576-2-0x000001DD11010000-0x000001DD11030000-memory.dmp

memory/2576-4-0x000001DD11010000-0x000001DD11030000-memory.dmp

memory/2576-5-0x000001DD11030000-0x000001DD11050000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win10v2004-20240226-en
Max time kernel: 1191s
Max time network: 1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
GB | 172.217.169.74:443 | N/A | tcp
US | 13.107.253.64:443 | N/A | tcp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp
US | 138.91.171.81:80 | N/A | tcp
US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp

Files

memory/2680-0-0x0000025658940000-0x0000025658960000-memory.dmp

memory/2680-1-0x0000025658980000-0x00000256589A0000-memory.dmp

memory/2680-2-0x00000256589A0000-0x00000256589C0000-memory.dmp

memory/2680-3-0x0000025658AD0000-0x0000025658AF0000-memory.dmp

memory/2680-4-0x00000256589A0000-0x00000256589C0000-memory.dmp

memory/2680-5-0x0000025658AD0000-0x0000025658AF0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:58
Platform: win7-20231129-en
Max time kernel: 841s
Max time network: 1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/1664-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/1664-2-0x0000000002150000-0x0000000002170000-memory.dmp

memory/1664-1-0x0000000000550000-0x0000000000570000-memory.dmp

memory/1664-3-0x0000000000550000-0x0000000000570000-memory.dmp

memory/1664-4-0x0000000002150000-0x0000000002170000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted: 2024-05-25 14:37
Reported: 2024-05-25 14:59
Platform: win7-20240215-en
Max time kernel: 838s
Max time network: 1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/856-0-0x00000000001F0000-0x0000000000210000-memory.dmp

memory/856-2-0x00000000021E0000-0x0000000002200000-memory.dmp

memory/856-1-0x00000000021C0000-0x00000000021E0000-memory.dmp

memory/856-4-0x00000000021E0000-0x0000000002200000-memory.dmp

memory/856-3-0x00000000021C0000-0x00000000021E0000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240508-en

Max time kernel

448s

Max time network

1198s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 213.80.50.20.in-addr.arpa udp

Files

memory/1596-0-0x0000021ACE4D0000-0x0000021ACE4F0000-memory.dmp

memory/1596-1-0x0000021ACFED0000-0x0000021ACFEF0000-memory.dmp

memory/1596-2-0x0000021ACFEF0000-0x0000021ACFF10000-memory.dmp

memory/1596-3-0x0000021ACFF10000-0x0000021ACFF30000-memory.dmp

memory/1596-4-0x0000021ACFEF0000-0x0000021ACFF10000-memory.dmp

memory/1596-5-0x0000021ACFF10000-0x0000021ACFF30000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240508-en

Max time kernel

1070s

Max time network

1199s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

memory/2600-0-0x000002B711700000-0x000002B711720000-memory.dmp

memory/2600-1-0x000002B711750000-0x000002B711770000-memory.dmp

memory/2600-2-0x000002B711770000-0x000002B711790000-memory.dmp

memory/2600-3-0x000002B711790000-0x000002B7117B0000-memory.dmp

memory/2600-4-0x000002B711770000-0x000002B711790000-memory.dmp

memory/2600-5-0x000002B711790000-0x000002B7117B0000-memory.dmp

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240508-en

Max time kernel

842s

Max time network

1203s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2548-0-0x00000000001F0000-0x0000000000210000-memory.dmp

memory/2548-1-0x0000000000570000-0x0000000000590000-memory.dmp

memory/2548-2-0x0000000002140000-0x0000000002160000-memory.dmp

memory/2548-3-0x0000000000570000-0x0000000000590000-memory.dmp

memory/2548-4-0x0000000002140000-0x0000000002160000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:59

Platform

win10v2004-20240508-en

Max time kernel

447s

Max time network

1208s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 52.111.229.43:443 N/A tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp

Files

memory/2656-0-0x0000024CF1F60000-0x0000024CF1F80000-memory.dmp

memory/2656-1-0x0000024CF1FB0000-0x0000024CF1FD0000-memory.dmp

memory/2656-3-0x0000024CF1FF0000-0x0000024CF2010000-memory.dmp

memory/2656-2-0x0000024CF1FD0000-0x0000024CF1FF0000-memory.dmp

memory/2656-4-0x0000024CF1FD0000-0x0000024CF1FF0000-memory.dmp

memory/2656-5-0x0000024CF1FF0000-0x0000024CF2010000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240221-en

Max time kernel

839s

Max time network

1202s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2276-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/2276-2-0x0000000001E40000-0x0000000001E60000-memory.dmp

memory/2276-1-0x0000000001E20000-0x0000000001E40000-memory.dmp

memory/2276-4-0x0000000001E40000-0x0000000001E60000-memory.dmp

memory/2276-3-0x0000000001E20000-0x0000000001E40000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:59

Platform

win7-20240221-en

Max time kernel

845s

Max time network

1198s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2484-2-0x00000000020C0000-0x00000000020E0000-memory.dmp

memory/2484-1-0x0000000002020000-0x0000000002040000-memory.dmp

memory/2484-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2484-3-0x0000000002020000-0x0000000002040000-memory.dmp

memory/2484-4-0x00000000020C0000-0x00000000020E0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240220-en

Max time kernel

841s

Max time network

1205s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2584-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2584-2-0x00000000025A0000-0x00000000025C0000-memory.dmp

memory/2584-1-0x0000000002480000-0x00000000024A0000-memory.dmp

memory/2584-4-0x00000000025A0000-0x00000000025C0000-memory.dmp

memory/2584-3-0x0000000002480000-0x00000000024A0000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240221-en

Max time kernel

844s

Max time network

1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/908-2-0x00000000024A0000-0x00000000024C0000-memory.dmp

memory/908-1-0x0000000002480000-0x00000000024A0000-memory.dmp

memory/908-0-0x0000000000480000-0x00000000004A0000-memory.dmp

memory/908-4-0x00000000024A0000-0x00000000024C0000-memory.dmp

memory/908-3-0x0000000002480000-0x00000000024A0000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240508-en

Max time kernel

443s

Max time network

1198s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

memory/4964-0-0x000001DAF45C0000-0x000001DAF45E0000-memory.dmp

memory/4964-1-0x000001DAF4710000-0x000001DAF4730000-memory.dmp

memory/4964-2-0x000001DAF4730000-0x000001DAF4750000-memory.dmp

memory/4964-3-0x000001DB86DB0000-0x000001DB86DD0000-memory.dmp

memory/4964-4-0x000001DAF4730000-0x000001DAF4750000-memory.dmp

memory/4964-5-0x000001DB86DB0000-0x000001DB86DD0000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:59

Platform

win7-20240419-en

Max time kernel

840s

Max time network

1201s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1676-0-0x0000000000270000-0x0000000000290000-memory.dmp

memory/1676-2-0x0000000002510000-0x0000000002530000-memory.dmp

memory/1676-1-0x0000000002040000-0x0000000002060000-memory.dmp

memory/1676-3-0x0000000002040000-0x0000000002060000-memory.dmp

memory/1676-4-0x0000000002510000-0x0000000002530000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:44

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

291s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

memory/3648-0-0x000001C718250000-0x000001C718270000-memory.dmp

memory/3648-1-0x000001C7182A0000-0x000001C7182C0000-memory.dmp

memory/3648-3-0x000001C7183F0000-0x000001C718410000-memory.dmp

memory/3648-2-0x000001C7183D0000-0x000001C7183F0000-memory.dmp

memory/3648-5-0x000001C7183F0000-0x000001C718410000-memory.dmp

memory/3648-4-0x000001C7183D0000-0x000001C7183F0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240226-en

Max time kernel

1192s

Max time network

1207s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 13.107.253.64:443 N/A tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
NL 52.142.223.178:80 N/A tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 35.197.79.40.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.178.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp

Files

memory/1932-0-0x0000021022C70000-0x0000021022C90000-memory.dmp

memory/1932-1-0x00000210245B0000-0x00000210245D0000-memory.dmp

memory/1932-2-0x00000210B6D70000-0x00000210B6D90000-memory.dmp

memory/1932-3-0x00000210245D0000-0x00000210245F0000-memory.dmp

memory/1932-4-0x00000210B6D70000-0x00000210B6D90000-memory.dmp

memory/1932-5-0x00000210245D0000-0x00000210245F0000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240508-en

Max time kernel

1083s

Max time network

1203s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 52.111.229.43:443 N/A tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

memory/4468-0-0x000001FCCCE90000-0x000001FCCCEB0000-memory.dmp

memory/4468-1-0x000001FCCCEE0000-0x000001FCCCF00000-memory.dmp

memory/4468-2-0x000001FCCCF00000-0x000001FCCCF20000-memory.dmp

memory/4468-3-0x000001FCCCF40000-0x000001FCCCF60000-memory.dmp

memory/4468-4-0x000001FCCCF00000-0x000001FCCCF20000-memory.dmp

memory/4468-5-0x000001FCCCF40000-0x000001FCCCF60000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win10v2004-20240426-en

Max time kernel

451s

Max time network

1194s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

memory/1884-0-0x00000214D7060000-0x00000214D7080000-memory.dmp

memory/1884-1-0x00000214D70B0000-0x00000214D70D0000-memory.dmp

memory/1884-2-0x00000214D70D0000-0x00000214D70F0000-memory.dmp

memory/1884-3-0x00000214D70F0000-0x00000214D7110000-memory.dmp

memory/1884-4-0x00000214D70D0000-0x00000214D70F0000-memory.dmp

memory/1884-5-0x00000214D70F0000-0x00000214D7110000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240221-en

Max time kernel

842s

Max time network

1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1272-0-0x0000000000100000-0x0000000000120000-memory.dmp

memory/1272-2-0x0000000000310000-0x0000000000330000-memory.dmp

memory/1272-1-0x0000000000170000-0x0000000000190000-memory.dmp

memory/1272-4-0x0000000000310000-0x0000000000330000-memory.dmp

memory/1272-3-0x0000000000170000-0x0000000000190000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:59

Platform

win10v2004-20240226-en

Max time kernel

1194s

Max time network

1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 20.231.121.79:80 | | tcp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
GB | 142.250.178.10:443 | chromewebstore.googleapis.com | tcp
US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp

Files

memory/3980-0-0x000001E31F3E0000-0x000001E31F400000-memory.dmp

memory/3980-1-0x000001E320DE0000-0x000001E320E00000-memory.dmp

memory/3980-2-0x000001E320E00000-0x000001E320E20000-memory.dmp

memory/3980-3-0x000001E320E20000-0x000001E320E40000-memory.dmp

memory/3980-4-0x000001E320E00000-0x000001E320E20000-memory.dmp

memory/3980-5-0x000001E320E20000-0x000001E320E40000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 15:00

Platform

win10v2004-20240508-en

Max time kernel

448s

Max time network

1205s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 184.139.19.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp

Files

memory/3652-0-0x000002DAFFB90000-0x000002DAFFBB0000-memory.dmp

memory/3652-1-0x000002DAFFBE0000-0x000002DAFFC00000-memory.dmp

memory/3652-2-0x000002DAFFD10000-0x000002DAFFD30000-memory.dmp

memory/3652-3-0x000002DAFFD30000-0x000002DAFFD50000-memory.dmp

memory/3652-4-0x000002DAFFD10000-0x000002DAFFD30000-memory.dmp

memory/3652-5-0x000002DAFFD30000-0x000002DAFFD50000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-25 14:37

Reported

2024-05-25 14:58

Platform

win7-20240419-en

Max time kernel

842s

Max time network

1193s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | xmr.2miners.com | udp
DE | 162.19.139.184:2222 | xmr.2miners.com | tcp

Files

memory/2920-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2920-2-0x0000000000570000-0x0000000000590000-memory.dmp

memory/2920-1-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2920-3-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2920-4-0x0000000000570000-0x0000000000590000-memory.dmp