xmrig | b1a351ee61443b8558934dca6b2fa9efb0a6d2d18bae61ace5a761596604dbfa | Triage

Submit
Reports

Overview

overview

Static

static

1

Updatemmmm.exe

windows11-21h2-x64

Sharing

General

Target

Updatemmmm.exe
Size

2.6MB
Sample

240707-lxap4s1fqb
MD5

61d3abff46a6bd2946925542c7d30397
SHA1

1fed80a136e67a5b7b6846010a5853400886ee9c
SHA256

b1a351ee61443b8558934dca6b2fa9efb0a6d2d18bae61ace5a761596604dbfa
SHA512

e9e25995faff34da94d30394474471dba45f5993a2efd07f5fb8c15cfdf7b3efa7c89d6796c66323938a1c31b3b89bd7578bef7c4297c6a9b68811f00aa89975
SSDEEP

49152:e+CCncEUAhZfuFtUasR7NICKP6Fhjf+POnLcjzlfXhITNE1u5xY13oNV:c8cMhZfuF6asRxm6Flf++olfX2u1OY13

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

Updatemmmm.exe

Resource

win11-20240704-en

xmrig evasion execution miner persistence upx

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Updatemmmm.exe
- Size
  
  2.6MB
- MD5
  
  61d3abff46a6bd2946925542c7d30397
- SHA1
  
  1fed80a136e67a5b7b6846010a5853400886ee9c
- SHA256
  
  b1a351ee61443b8558934dca6b2fa9efb0a6d2d18bae61ace5a761596604dbfa
- SHA512
  
  e9e25995faff34da94d30394474471dba45f5993a2efd07f5fb8c15cfdf7b3efa7c89d6796c66323938a1c31b3b89bd7578bef7c4297c6a9b68811f00aa89975
- SSDEEP
  
  49152:e+CCncEUAhZfuFtUasR7NICKP6Fhjf+POnLcjzlfXhITNE1u5xY13oNV:c8cMhZfuF6asRxm6Flf++olfX2u1OY13
Score

10^/10

xmrig evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

© 2018-2024

Terms | Privacy