xmrig | b97bde9fbe0f165d5148d24f208343df8fb6e53892b523e29e2fb0697ae0d3f5

Analysis

max time kernel
138s
max time network
143s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 12:49

Target

2024-06-10_22acef9db62e1c3ec3f70f1d8e13c1bc_polyvice_xmrig.exe
Size

7.0MB
MD5

22acef9db62e1c3ec3f70f1d8e13c1bc
SHA1

c37f88727caa4f98e9434119ccf40b3f7d1043e8
SHA256

b97bde9fbe0f165d5148d24f208343df8fb6e53892b523e29e2fb0697ae0d3f5
SHA512

3fae5fc249f2e7ba77bb39abdad7d7cc4f068e49f48cecf20f32bfa07a01d97a5bb8ff2601a5a74fb4098453153a120a22ef3480ea03588714dff3705fee53d8
SSDEEP

98304:xvdtTPY39rMCEIrcMGmME5wKFtL6qonvV8c1cxRc7JcMqM0p+NUyXrqC6asF/FBa:xsS1cQcKqC6asFzj8rSK

Score

10^/10

xmrig miner

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2068-1-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig
behavioral1/memory/2068-8-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig
behavioral1/memory/2068-10-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig
behavioral1/memory/2068-12-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig
behavioral1/memory/2068-14-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig
behavioral1/memory/2068-17-0x000000013FE60000-0x000000014087D000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2068	2024-06-10_22acef9db62e1c3ec3f70f1d8e13c1bc_polyvice_xmrig.exe
Token: SeLockMemoryPrivilege	2068	2024-06-10_22acef9db62e1c3ec3f70f1d8e13c1bc_polyvice_xmrig.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-10_22acef9db62e1c3ec3f70f1d8e13c1bc_polyvice_xmrig.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_22acef9db62e1c3ec3f70f1d8e13c1bc_polyvice_xmrig.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2068

memory/2068-0-0x0000000000090000-0x00000000000B0000-memory.dmp

Filesize
128KB

Download
memory/2068-1-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-4-0x00000000021F0000-0x0000000002210000-memory.dmp

Filesize
128KB

Download
memory/2068-7-0x0000000002250000-0x0000000002270000-memory.dmp

Filesize
128KB

Download
memory/2068-6-0x0000000002230000-0x0000000002250000-memory.dmp

Filesize
128KB

Download
memory/2068-5-0x0000000002210000-0x0000000002230000-memory.dmp

Filesize
128KB

Download
memory/2068-3-0x0000000001D80000-0x0000000001DA0000-memory.dmp

Filesize
128KB

Download
memory/2068-2-0x0000000001D60000-0x0000000001D80000-memory.dmp

Filesize
128KB

Download
memory/2068-8-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-10-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-12-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-14-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-17-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download
memory/2068-18-0x000000013FE60000-0x000000014087D000-memory.dmp

Filesize
10.1MB

Download