Analysis

  • max time kernel
    132s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 01:01

General

  • Target

    72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe

  • Size

    6.0MB

  • MD5

    6c909e2ba84e93489ac6dad72c38a23f

  • SHA1

    5dd2cbb04102dad89478ced97591b70b9247aeed

  • SHA256

    72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021

  • SHA512

    87af203291843ab4aa0c071f61f2688599c52218e6f382c9692654ded960044503d501a54619a00949b739277e4635514cf606569da8c57bc2036588692f1724

  • SSDEEP

    98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU2:T+856utgpPF8u/72

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe
    "C:\Users\Admin\AppData\Local\Temp\72c1f8267047568b3a07ec33daf900a504c581a9f570a452b55737ea71bc1021.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1084-0-0x000000013FEE0000-0x0000000140234000-memory.dmp

    Filesize

    3.3MB

  • memory/1084-1-0x0000000000300000-0x0000000000310000-memory.dmp

    Filesize

    64KB

  • memory/1084-2-0x000000013FEE0000-0x0000000140234000-memory.dmp

    Filesize

    3.3MB