xmrig | 245ce566ba9b8eeecab4059c196d0aa239d88b7f2d803b2f987bb0428266a979

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
Size

1.1MB
MD5

7aef3d154b20faac87c0c612aa888d07
SHA1

21f205441efda87407e661d65d78ae9d78d35b5f
SHA256

245ce566ba9b8eeecab4059c196d0aa239d88b7f2d803b2f987bb0428266a979
SHA512

4cc47ecb7940e4540f4036fd9bf7909d6893a2e3ca02fe69cea5729570d06da50c4b6c1446a26ed9304eddfae027d7b88e12ab05ecc7d25427da362a54ef1720
SSDEEP

24576:VH7uEWTthRotvr5q65yTYsfu9FICPTVYNkndrVGmV:AEwthRAq6QTYsk9TVYNkndrl

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral1/memory/2164-0-0x000000013F300000-0x000000013F41E000-memory.dmp	xmrig

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2164	7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\7aef3d154b20faac87c0c612aa888d07_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x000000013F300000-0x000000013F41E000-memory.dmp

Filesize
1.1MB

Download