Analysis

max time kernel: 132s
max time network: 149s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 01-06-2024 01:01
Behavioral task: behavioral1
Sample: 72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe
Resource: win7-20240508-en
Signatures: 4
Run time: 150 seconds
General

Target: 72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe
Size: 6.0MB
MD5: 6c909e2ba84e93489ac6dad72c38a23f
SHA1: 5dd2cbb04102dad89478ced97591b70b9247aeed
SHA256: 72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021
SHA512: 87af203291843ab4aa0c071f61f2688599c52218e6f382c9692654ded960044503d501a54619a00949b739277e4635514cf606569da8c57bc2036588692f1724
SSDEEP: 98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU2:T+856utgpPF8u/72
Malware Config

Signatures

XMRig Miner payload (2 IoCs)
resource | yara_rule
behavioral1/memory/1084-0-0x000000013FEE0000-0x0000000140234000-memory.dmp | xmrig
behavioral1/memory/1084-2-0x000000013FEE0000-0x0000000140234000-memory.dmp | xmrig

resource | yara_rule
behavioral1/memory/1084-0-0x000000013FEE0000-0x0000000140234000-memory.dmp | upx
behavioral1/memory/1084-2-0x000000013FEE0000-0x0000000140234000-memory.dmp | upx

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeLockMemoryPrivilege | 1084 | 72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe
Token: SeLockMemoryPrivilege | 1084 | 72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe