Malware Analysis Report

2024-11-16 12:09

Sample ID: 240526-m4n2rafh6y
Target: OLD.rar
SHA256: 3dda13d5f9e6b209fb76c69c25e9013797cc207e38ce3764c829947fc146c779
Tags: miner, xmrig
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 3dda13d5f9e6b209fb76c69c25e9013797cc207e38ce3764c829947fc146c779

Threat Level: Known bad

The file OLD.rar was found to be: Known bad.

Malicious Activity Summary

miner xmrig

XMRig Miner payload

Xmrig family

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-26 11:01

Signatures

XMRig Miner payload

miner

Xmrig family

xmrig

Unsigned PE


Analysis: behavioral6

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:08
Platform: win10v2004-20240508-en
Max time kernel: 1794s
Max time network: 1800s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3960 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 3960 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/5076-0-0x0000027B9E480000-0x0000027B9E4A0000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:08
Platform: win10v2004-20240508-en
Max time kernel: 1792s
Max time network: 1797s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 576 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 576 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
Files

memory/1696-0-0x000002096D740000-0x000002096D760000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:36
Platform: win10v2004-20240508-en
Max time kernel: 1792s
Max time network: 1800s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 228 wrote to memory of 1980 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/1980-0-0x000001A71C3A0000-0x000001A71C3C0000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:07
Platform: win10v2004-20240508-en
Max time kernel: 1793s
Max time network: 1798s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4264 wrote to memory of 3888 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 4264 wrote to memory of 3888 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/3888-0-0x0000018C10F50000-0x0000018C10F70000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:09
Platform: win10v2004-20240508-en
Max time kernel: 1793s
Max time network: 1802s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1040 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1040 wrote to memory of 1696 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/1696-0-0x0000019571E60000-0x0000019571E80000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted: 2024-05-26 11:01
Reported: 2024-06-10 16:16
Platform: win10v2004-20240508-en
Max time kernel: 1794s
Max time network: 1799s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2984 wrote to memory of 4576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2984 wrote to memory of 4576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/4576-0-0x00000188D9B90000-0x00000188D9BB0000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:34

Platform

win7-20231129-en

Max time kernel

1796s

Max time network

1797s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2748 wrote to memory of 1828 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2748 wrote to memory of 1828 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2748 wrote to memory of 1828 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 xmr.2miners.com udp 17
DE 162.19.139.184:2222 xmr.2miners.com tcp 254

Files

memory/1828-0-0x00000000001F0000-0x0000000000210000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:32

Platform

win7-20240221-en

Max time kernel

1800s

Max time network

1797s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 808 wrote to memory of 1748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 808 wrote to memory of 1748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 808 wrote to memory of 1748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 xmr.2miners.com udp 16
DE 162.19.139.184:2222 xmr.2miners.com tcp 253
DE 162.19.139.184:2222 tcp 1

Files

memory/1748-0-0x0000000000080000-0x00000000000A0000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:18

Platform

win7-20240508-en

Max time kernel

1797s

Max time network

1802s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1716 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1716 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1716 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 xmr.2miners.com udp 89

Files

memory/2548-0-0x0000000000080000-0x00000000000A0000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:35

Platform

win7-20240220-en

Max time kernel

1796s

Max time network

1798s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

XMRig enables SeLockMemoryPrivilege so it can back its RandomX dataset with large pages. A user-mode binary running out of AppData\Local\Temp that enables this privilege is worth alerting on by itself; few desktop programs need it.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 1744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1740 wrote to memory of 1744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1740 wrote to memory of 1744 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

All three writes are from the cmd.exe parent (PID 1740) into the xmrig.exe child it launched (PID 1744). That is the normal process-creation path, not injection into an unrelated process; the signature is noise here and the miner itself does no injection.

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x
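A process-creation check for the launch recorded above, written here as an added example in Python; it is neither the sandbox's detection logic nor anything from XMRig. It parses the command line for XMRig's own -o/--url, -u/--user and -p/--pass options, validates the username as a 95-character Monero address, and combines that with the pool domain and the Temp-directory image path. The pool suffix list and the two-signal threshold are assumptions chosen for the demo.

```python
"""Flag an XMRig-style miner launch from a process-creation event.

Added example, not part of the sandbox report. The event fields (image path,
command line) mirror the report's Processes table; the pool allow-list and the
two-signal threshold are assumptions for this demo.
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field

# Monero standard address or subaddress: 95 base58 characters starting with 4 or 8
# (base58 omits 0, O, I and l). Integrated addresses (106 chars) are not covered.
MONERO_ADDR = re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$")

# Illustrative public-pool suffixes (assumption: extend with your own intel).
POOL_SUFFIXES = ("2miners.com", "supportxmr.com", "hashvault.pro", "nanopool.org")

# XMRig's own option spellings for pool URL, wallet/username and password.
OPTS = {"-o": "url", "--url": "url", "-u": "user", "--user": "user",
        "-p": "pass", "--pass": "pass"}


@dataclass
class Verdict:
    image: str
    pool_host: str | None = None
    pool_port: int | None = None
    wallet: str | None = None
    reasons: list[str] = field(default_factory=list)

    @property
    def is_miner(self) -> bool:
        # Require two independent signals so that a lone "-o" from ssh or
        # curl does not fire on its own.
        return len(self.reasons) >= 2


def parse_args(cmdline: str) -> dict[str, str]:
    """Extract url/user/pass from "-o X", "--url X" or "--url=X" forms."""
    tokens = shlex.split(cmdline, posix=False)  # keep Windows paths/quotes intact
    found: dict[str, str] = {}
    i = 1  # token 0 is the executable name
    while i < len(tokens):
        tok = tokens[i]
        key, eq, val = tok.partition("=")
        if eq and key in OPTS:
            found[OPTS[key]] = val
        elif tok in OPTS and i + 1 < len(tokens):
            found[OPTS[tok]] = tokens[i + 1]
            i += 1
        i += 1
    return found


def split_host_port(url: str) -> tuple[str, int | None]:
    """'stratum+tcp://host:2222' or 'host:2222' -> ('host', 2222)."""
    hostport = url.split("://", 1)[-1].rstrip("/")
    host, sep, port = hostport.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return hostport, None


def assess(image: str, cmdline: str) -> Verdict:
    """Score one process-creation event; Verdict.reasons carries the evidence."""
    v = Verdict(image=image)
    args = parse_args(cmdline)
    if "url" in args:
        v.pool_host, v.pool_port = split_host_port(args["url"])
        v.reasons.append("pool URL passed with -o/--url")
        if any(v.pool_host.lower().endswith(s) for s in POOL_SUFFIXES):
            v.reasons.append(f"known mining pool: {v.pool_host}")
    if MONERO_ADDR.match(args.get("user", "")):
        v.wallet = args["user"]
        v.reasons.append("Monero wallet address used as the pool username")
    if "\\appdata\\local\\temp\\" in image.lower():
        v.reasons.append("binary launched from the user's Temp directory")
    return v


if __name__ == "__main__":
    # The exact launch recorded in this analysis (behavioral29).
    verdict = assess(
        r"C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe",
        "xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x",
    )
    for reason in verdict.reasons:
        print("-", reason)
    print("miner:", verdict.is_miner)
```

Run stand-alone it lists four reasons for this sample and prints miner: True. A command line such as ssh -o StrictHostKeyChecking=no -p 22 admin@host produces only the "-o" reason and no verdict, which is why the threshold is two signals rather than one.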

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 xmr.2miners.com udp 16
DE 162.19.139.184:2222 xmr.2miners.com tcp 253

The 269 per-connection rows of the original table are aggregated above. They alternate between a single DNS lookup of xmr.2miners.com and a run of 5 to 20 TCP connections to 162.19.139.184:2222, consistent with the miner re-resolving the pool before each burst of reconnects.

Files

memory/1744-0-0x0000000000300000-0x0000000000320000-memory.dmp
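The Network table of this analysis is a long list of near-identical rows, and the two things an analyst wants from it are the per-destination counts and the lookup-then-connect rhythm. The following Python is an added example (not the sandbox's own code) that parses rows in the report's "Country Destination Domain Proto" format, aggregates them, and measures how many TCP connections follow each DNS lookup. The two ROWS_* strings are constructed excerpts, not the full table, and the stratum port list is an assumption.

```python
"""Summarise a sandbox Network table and pick out pool beaconing.

Added example, not part of the report. The two ROWS_* strings are constructed
excerpts in the report's own "Country Destination Domain Proto" row format; the
port set is an assumption listing ports that mining pools commonly use.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: DNS lookup, a run of pool connections, lookup, another run.
ROWS_BEACONING = """\
Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
"""

# Constructed excerpt of a run where only lookups appear and no pool connection.
ROWS_DNS_ONLY = """\
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
"""

STRATUM_PORTS = {2222, 3333, 4444, 5555, 7777, 8888, 14444}  # assumption


@dataclass(frozen=True)
class Row:
    country: str
    host: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[Row]:
    """Parse table lines; the header and anything without a numeric port are skipped."""
    rows: list[Row] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        host, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append(Row(country, host, int(port), domain, proto.lower()))
    return rows


def aggregate(rows: list[Row]) -> dict[tuple[str, str, str], int]:
    """Collapse per-connection rows to (destination, domain, proto) -> count, first-seen order."""
    return dict(Counter((f"{r.host}:{r.port}", r.domain, r.proto) for r in rows))


def reconnect_runs(rows: list[Row], domain: str) -> list[int]:
    """For each DNS lookup of `domain`, the number of TCP connections to it before the next lookup."""
    runs: list[int] = []
    for r in rows:
        if r.domain != domain:
            continue
        if r.proto == "udp" and r.port == 53:
            runs.append(0)
        elif r.proto == "tcp":
            if not runs:
                runs.append(0)  # connections seen before any lookup
            runs[-1] += 1
    return runs


def pool_summary(rows: list[Row], domain: str) -> dict:
    """Headline numbers for one pool domain."""
    agg = aggregate(rows)
    dns = sum(c for (_, d, p), c in agg.items() if d == domain and p == "udp")
    tcp = sum(c for (_, d, p), c in agg.items() if d == domain and p == "tcp")
    ports = {r.port for r in rows if r.domain == domain and r.proto == "tcp"}
    return {
        "dns_lookups": dns,
        "tcp_connections": tcp,
        "reconnect_runs": reconnect_runs(rows, domain),
        "connected": tcp > 0,
        "stratum_like_port": bool(ports & STRATUM_PORTS),
    }


if __name__ == "__main__":
    for label, text in (("beaconing", ROWS_BEACONING), ("dns only", ROWS_DNS_ONLY)):
        rows = parse_rows(text)
        for key, n in aggregate(rows).items():
            print(label, *key, n)
        print(label, pool_summary(rows, "xmr.2miners.com"))
```

On the constructed excerpts the first set yields two lookups, five connections and reconnect runs of [3, 2]; the second yields three lookups and no connection at all, the shape seen in the win10 detonation further down this report. Fed the full table text, the same functions reproduce the per-destination counts directly.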

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:36

Platform

win10v2004-20240508-en

Max time kernel

1793s

Max time network

1798s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1344 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1344 wrote to memory of 1164 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp 1
US 8.8.8.8:53 xmr.2miners.com udp 105

The 106 rows of the original table are aggregated above. Unlike the Windows 7 detonations, this win10 run recorded only a reverse lookup of the resolver and 105 repeated lookups of xmr.2miners.com; no TCP connection to the pool was recorded, so the miner never reached a pool server during this run.

Files

memory/1164-0-0x0000029A65E20000-0x0000029A65E40000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:06

Platform

win7-20240221-en

Max time kernel

1794s

Max time network

1797s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1644 wrote to memory of 2800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1644 wrote to memory of 2800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1644 wrote to memory of 2800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 xmr.2miners.com udp 16
DE 162.19.139.184:2222 xmr.2miners.com tcp 247

The 263 per-connection rows of the original table are aggregated above. As in behavioral29, they alternate between one DNS lookup of xmr.2miners.com and a run of 5 to 20 TCP connections to 162.19.139.184:2222.

Files

memory/2800-0-0x00000000000F0000-0x0000000000110000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win7-20240508-en

Max time kernel

1797s

Max time network

1800s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/2764-0-0x0000000000480000-0x00000000004A0000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win7-20240508-en

Max time kernel

1797s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2400 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/2400-0-0x00000000000F0000-0x0000000000110000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:09

Platform

win10v2004-20240426-en

Max time kernel

1796s

Max time network

1801s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1408 wrote to memory of 4536 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/4536-0-0x0000028DD5260000-0x0000028DD5280000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win10v2004-20240426-en

Max time kernel

1796s

Max time network

1800s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4400 wrote to memory of 1036 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/1036-0-0x00000230FFEF0000-0x00000230FFF10000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win7-20240221-en

Max time kernel

1796s

Max time network

1798s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2068 wrote to memory of 2364 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2068 wrote to memory of 2364 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2068 wrote to memory of 2364 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/2364-0-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:32

Platform

win10v2004-20240426-en

Max time kernel

1797s

Max time network

1801s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1600 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1600 wrote to memory of 2092 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/2092-0-0x0000018C76BC0000-0x0000018C76BE0000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:33

Platform

win7-20240221-en

Max time kernel

1796s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 384 wrote to memory of 2996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 384 wrote to memory of 2996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 384 wrote to memory of 2996 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2996-0-0x0000000000080000-0x00000000000A0000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:35

Platform

win10v2004-20240508-en

Max time kernel

1794s

Max time network

1799s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4856 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 4856 wrote to memory of 2860 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2860-0-0x0000020436290000-0x00000204362B0000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win7-20240508-en

Max time kernel

1797s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1736 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 1736 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/2184-0-0x0000000000300000-0x0000000000320000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:09

Platform

win7-20240221-en

Max time kernel

1795s

Max time network

1800s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2212 wrote to memory of 1072 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2212 wrote to memory of 1072 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2212 wrote to memory of 1072 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1072-0-0x00000000001F0000-0x0000000000210000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:33

Platform

win10v2004-20240426-en

Max time kernel

1797s

Max time network

1803s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4428 wrote to memory of 3256 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 4428 wrote to memory of 3256 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

memory/3256-0-0x000001AB0A540000-0x000001AB0A560000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:07

Platform

win7-20240221-en

Max time kernel

1794s

Max time network

1801s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 1036 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1036-0-0x00000000000F0000-0x0000000000110000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win10v2004-20240508-en

Max time kernel

1793s

Max time network

1801s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3508 wrote to memory of 2520 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/2520-0-0x000001DD047F0000-0x000001DD04810000-memory.dmp

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:14

Platform

win7-20231129-en

Max time kernel

1793s

Max time network

1796s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2328 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2328-0-0x00000000000F0000-0x0000000000110000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:32

Platform

win10v2004-20240226-en

Max time kernel

1794s

Max time network

1806s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3404 wrote to memory of 1656 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 3404 wrote to memory of 1656 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3780 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/1656-0-0x0000020ED90D0000-0x0000020ED90F0000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:36

Platform

win7-20240221-en

Max time kernel

1797s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 856 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 856 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 856 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto

Files

memory/1764-0-0x0000000000080000-0x00000000000A0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:06

Platform

win10v2004-20240508-en

Max time kernel

1793s

Max time network

1798s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3700 wrote to memory of 1700 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 3700 wrote to memory of 1700 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/1700-0-0x000001ECE43C0000-0x000001ECE43E0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:07

Platform

win7-20240508-en

Max time kernel

1797s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 1288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2416 wrote to memory of 1288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2416 wrote to memory of 1288 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/1288-0-0x00000000001F0000-0x0000000000210000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win10v2004-20240426-en

Max time kernel

1794s

Max time network

1800s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2824 wrote to memory of 5016 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2824 wrote to memory of 5016 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/5016-0-0x000001FFE9890000-0x000001FFE98B0000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-26 11:01

Reported

2024-06-10 16:08

Platform

win7-20231129-en

Max time kernel

1797s

Max time network

1799s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2264 wrote to memory of 956 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2264 wrote to memory of 956 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe
PID 2264 wrote to memory of 956 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\OLD\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\OLD\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 xmr.2miners.com udp

Files

memory/956-0-0x00000000000F0000-0x0000000000110000-memory.dmp