xmrig | 441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:58

Target

441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077_NeikiAnalytics.exe
Size

1.9MB
MD5

80daaab790d1c8df7ff741f6f01f77a0
SHA1

b68f97df51e7528219d600bd1c95f7b3f8f3966a
SHA256

441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077
SHA512

758165c7dae937a30d0415c501db803d441bafdba825168e2af0f32a0d80840cec5106004a9bc690a00aca97b386a91e887d438b917d9a2a1037f7123f8f7984
SSDEEP

49152:ROdWCCi7/rahHxhOWenbffOldXeLA1cFrYNU0GFAp1:RWWBibaD

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral2/memory/3892-2-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-3-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-4-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-5-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-6-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-7-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-8-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-9-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-10-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-11-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-12-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-13-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-14-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig
behavioral2/memory/3892-15-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	xmrig

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3892-0-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-2-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-3-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-4-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-5-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-6-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-7-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-8-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-9-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-10-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-11-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-12-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-13-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-14-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx
behavioral2/memory/3892-15-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3892	441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3892	441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\441176dec7139c09698638e2f385195e80c54a9da297e57c8cfae4acfcc4b077_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892

memory/3892-0-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-1-0x0000015FCC370000-0x0000015FCC380000-memory.dmp

Filesize
64KB

Download
memory/3892-2-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-3-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-4-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-5-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-6-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-7-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-8-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-9-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-10-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-11-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-12-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-13-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-14-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download
memory/3892-15-0x00007FF65BBB0000-0x00007FF65BF01000-memory.dmp

Filesize
3.3MB

Download