General
Target: virus exposed.zip
Size: 46.5MB
Sample: 240530-ww3plsha66
MD5: d411e55150384a2f7469d7b76a87e35e
SHA1: 2e2b7333b4ef34e831c835a2e6971447b1b49a08
SHA256: 26a181e5b6ea5beabd5b58c241e9181bfbe4bd791181c8dbf0311f3512293850
SHA512: 35a286c8f51010985907b7ebc10902fc7182f449355a8fa7fc679b63bb33df7717616c966dfb7e7e54da17898abfda10107dd72fe231b52c22c4fa5b9a6c14e6
SSDEEP: 786432:B61QqYq5RNDWpMs7eiTz2hj5Vzk3ALepy7EJLvkfo2KNz/X1tSMFhui2dHVlINN/:o1gANDW6s7e3j5VzlhEJLviuCM52HCr1
Behavioral tasks
Behavioral task: behavioral1
Sample: miner (2).TMP/Client.exe
Resource: win11-20240419-en

Behavioral task: behavioral2
Sample: miner (2).TMP/num2.exe
Resource: win11-20240508-en

Behavioral task: behavioral3
Sample: miner.TMP/MicrosoftEdgeUpdater.exe
Resource: win11-20240426-en
Malware Config

Targets

Target: miner (2).TMP/Client.exe
Size: 157KB
MD5: 2560eaeea2f78be73934dff77dc21115
SHA1: 47da9e0270fdd3c762dcb371614eaf4ff67add03
SHA256: c5bbe1f75d15903b38f0c1e944b8205dcbbb8033206b22921ad90bc64b0699e6
SHA512: 5ac9af16716e2e9ffa1cec0f74f273468789caf157ddfe7cbf20e6efdf03ad5f0c86d46bf8944c15a79c8d890ec4f683a9c4758c44c3ce5a5f0d3915f9fe977c
SSDEEP: 3072:CISoucNzBhW8cKaf7uWQOPodew6FPudZjbahd1P+Aw+RMqgZ:YK5cKsK/jdew6xulbaP+ug
Score: 10/10
Signatures:
- Modifies Windows Firewall
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
Target: miner (2).TMP/num2.EXE
Size: 4.3MB
MD5: e6fe75c4390d3970545f0fdbb3274244
SHA1: 8b6ed33f1778800cf0549bd7214249bdb81fbb58
SHA256: 48aaa21d99bf5fb15abc6945911438e5f3ac4c378ac89bc4eb850200f9f648d5
SHA512: 17b0911f13a1348e6511faf412f63721e7df7b196ae3a6acb86789eb04a2f8a90a42a6931a0c0ad45ee98910c4661c6db7e43623c560a963cd4d021ce9b1ad20
SSDEEP: 98304:964joDvotqdFGNQPhzexAgEC3ziTnaK9vHQR1kUe3HB1ih:9RvtwFmQZ6xXECDAnaSswBM
Signatures:
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
Target: miner.TMP/MicrosoftEdgeUpdater.exe
Size: 2.7MB
MD5: 19c095e1c399bdaa0663caa9162f0b0e
SHA1: cb5504712ec965f7c43883f2f251823755b1e37e
SHA256: 38edfd7aa66f3ae1f376b9cdce558befd877d749e38306f412e8db436cb56713
SHA512: a2a8e9e5140d7b306ba98d3674aa89b3e287cdf39bcf4b326148d963c38052fc65e99a17c0bf846150d71ff3efbd2c9d4b61b4c2d5847f8c9afa222af4c946d9
SSDEEP: 49152:9fYIxVYU98IqK6VW6tE1ZWD4Zs52YeycKk4BVhGJneLriO:VYIxVZ98I71/ZsQIcKDoYr
Score: 8/10
Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
Target: miner.TMP/jhi_service.exe
Size: 2.5MB
MD5: 1994ad04639f3d12c7bbfa37feb3434f
SHA1: 4979247e5a9771286a91827851527e5dbfb80c8e
SHA256: c75f76cf5b34b4a165ad5705ae5229f67fc081d958239bf0faea58e6c342301c
SHA512: adc4eb990fc6721a0a39cf9832f133bde025a31b3ecd4d84e076d8c454b40dd043f1f045f6f989febf2478999a190d116a58192c49d8b878414490e7ce451b43
SSDEEP: 49152:JeyI4v7SO1chT1kPoGyH22x8wfc3QC/FGQAC8TnWhVpihDHdggjrKCnQPzkwG:JtjehT1kA4wXGMRyk7Kg/nnY
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Suspicious use of SetThreadContext
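Host triage for the behaviours the signatures above describe: Defender exclusions added through PowerShell, Run-key persistence, new services whose binaries are dropped into System32, firewall changes, and the four dropped executables themselves. This is an added example and not part of the sandbox report. It assumes an elevated PowerShell 5.1 or later session on the suspect Windows 10/11 host with Defender and the NetSecurity module available; the drop-directory list and the "user-writable location" pattern are assumptions of the example, and the SHA256 values are copied from the target table above.

```powershell
#Requires -RunAsAdministrator
# Added triage script, not part of the sandbox report. Assumes an elevated
# PowerShell 5.1+ session on the suspect host with Defender and NetSecurity
# present. $UserWritable and $DropDirs are assumptions; the hashes are the report's.

$ReportSha256 = @{
    'c5bbe1f75d15903b38f0c1e944b8205dcbbb8033206b22921ad90bc64b0699e6' = 'Client.exe'
    '48aaa21d99bf5fb15abc6945911438e5f3ac4c378ac89bc4eb850200f9f648d5' = 'num2.EXE'
    '38edfd7aa66f3ae1f376b9cdce558befd877d749e38306f412e8db436cb56713' = 'MicrosoftEdgeUpdater.exe'
    'c75f76cf5b34b4a165ad5705ae5229f67fc081d958239bf0faea58e6c342301c' = 'jhi_service.exe'
}
$UserWritable = '\\(AppData|Temp|ProgramData|Users\\Public)\\'   # assumption: heuristic only
$Findings = [System.Collections.Generic.List[string]]::new()
$ToHash   = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

# Extract the executable from a service or Run-key command line, quoted or not.
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+\.exe)"' -or $CommandLine -match '^\s*(\S+\.exe)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
}

# 1. Defender exclusions: the samples add extension, path and process exclusions.
#    On a managed workstation these lists are normally empty, so list everything.
$Pref = Get-MpPreference
foreach ($Kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
    foreach ($Item in @($Pref.$Kind)) {
        if ($Item) { $Findings.Add("Defender ${Kind}: $Item") }
    }
}

# 2. Run keys (Registry Run Keys / Startup Folder): hash every referenced binary,
#    flag those launched from a user-writable directory.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    foreach ($P in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($P.Name -like 'PS*') { continue }      # provider metadata, not a registry value
        $Exe = Get-ExePath $P.Value
        if ($Exe) { [void]$ToHash.Add($Exe) }
        if ($P.Value -match $UserWritable) {
            $Findings.Add("Run key $Key\$($P.Name) -> $($P.Value)")
        }
    }
}

# 3. Services (Windows Service): flag binaries that are not validly signed or that
#    live in a user-writable directory; hash every service binary.
foreach ($Svc in Get-CimInstance Win32_Service) {
    $Exe = Get-ExePath $Svc.PathName
    if (-not $Exe -or -not (Test-Path -LiteralPath $Exe)) { continue }
    [void]$ToHash.Add($Exe)
    $Sig = Get-AuthenticodeSignature -FilePath $Exe
    if ($Sig.Status -ne 'Valid' -or $Exe -match $UserWritable) {
        $Findings.Add("Service $($Svc.Name) [$($Sig.Status)] -> $Exe")
    }
}

# 4. Firewall rules (Modifies Windows Firewall): enabled rules whose program sits
#    in a user-writable directory.
foreach ($Rule in Get-NetFirewallRule -Enabled True) {
    $App = $Rule | Get-NetFirewallApplicationFilter
    if ($App.Program -and $App.Program -match $UserWritable) {
        $Findings.Add("Firewall rule '$($Rule.DisplayName)' $($Rule.Direction)/$($Rule.Action) -> $($App.Program)")
    }
}

# 5. Hash the collected binaries plus the top level of common drop directories
#    against the report's SHA256 values. $DropDirs is an assumption.
$DropDirs = "$env:SystemRoot\System32", $env:ProgramData, $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA
foreach ($Dir in $DropDirs) {
    Get-ChildItem -Path $Dir -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object { [void]$ToHash.Add($_.FullName) }
}
foreach ($Path in $ToHash) {
    $H = Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue
    if ($H -and $ReportSha256.ContainsKey($H.Hash.ToLower())) {
        $Findings.Add("HASH MATCH $($ReportSha256[$H.Hash.ToLower()]) -> $Path")
    }
}

if ($Findings.Count) { $Findings | Sort-Object -Unique } else { 'No findings.' }
```

Run it from an elevated prompt; hashing the top level of System32 and walking every firewall rule takes a minute or two. Two caveats: the dropped file names imitate legitimate binaries (Intel ships a real jhi_service.exe, and the real Edge updater is MicrosoftEdgeUpdate.exe, without the trailing "r"), so decide on hash and Authenticode status rather than on name; and a repacked variant will not match these hashes, in which case the exclusion, service and Run-key checks are what you rely on. Defender also records exclusion changes as Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, which gives you the time and the exact value that the live Get-MpPreference view does not.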
MITRE ATT&CK Enterprise v15 (technique, ID, number of matching signatures)
Execution
  Command and Scripting Interpreter (T1059): 1
    PowerShell (T1059.001): 1
  System Services (T1569): 2
    Service Execution (T1569.002): 2
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 3
    Windows Service (T1543.003): 3
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 3
    Windows Service (T1543.003): 3