98a6a0c9115133f11e152b8240ae8367cca0d3c2e81c75caffc7a8ee8ca73c2c

Analysis

max time kernel
199s
max time network
292s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 12:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

testx2-main/ads (13).exe
Size

362KB
MD5

b16954807827ccfa1e4738fce1089b62
SHA1

b2f6607d68e4d197892c515b16b3f61252304120
SHA256

2f8c68901f8df6f67796a8a892dd517c2011b93f271da04ed55448e9686ad984
SHA512

48726f50886b81a08317a0db0171ae3264880d43514086766e3f9a354b59101cf0755f8d815ad6979eab8c7fcc62969ff977ed9d780f30323f6143697869c0ed
SSDEEP

6144:eluUm0Yxw8f9ZzJ83K1woh8iMFJrCK1vHkk:eIUmXw29EYwoip

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1616	xmrigMiner.exe
Token: SeLockMemoryPrivilege	1616	xmrigMiner.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1616	xmrigMiner.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2208	1904	ads (13).exe	32
PID 1904 wrote to memory of 2208	1904	ads (13).exe	32
PID 1904 wrote to memory of 2208	1904	ads (13).exe	32
PID 2208 wrote to memory of 1616	2208	cmd.exe	33
PID 2208 wrote to memory of 1616	2208	cmd.exe	33
PID 2208 wrote to memory of 1616	2208	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (13).exe
"C:\Users\Admin\AppData\Local\Temp\testx2-main\ads (13).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe" --daemonized
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe
    C:\Users\Admin\AppData\Local\Temp\testx2-main\xmrigMiner.exe --daemonized
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1616-0-0x0000000000280000-0x00000000002A0000-memory.dmp

Filesize
128KB

Download
memory/1616-4-0x00000000024E0000-0x0000000002500000-memory.dmp

Filesize
128KB

Download
memory/1616-3-0x00000000024C0000-0x00000000024E0000-memory.dmp

Filesize
128KB

Download
memory/1616-2-0x0000000002480000-0x00000000024A0000-memory.dmp

Filesize
128KB

Download
memory/1616-5-0x0000000002590000-0x00000000025B0000-memory.dmp

Filesize
128KB

Download
memory/1616-9-0x00000000027A0000-0x00000000027C0000-memory.dmp

Filesize
128KB

Download
memory/1616-8-0x00000000026F0000-0x0000000002710000-memory.dmp

Filesize
128KB

Download
memory/1616-7-0x00000000026D0000-0x00000000026F0000-memory.dmp

Filesize
128KB

Download
memory/1616-6-0x00000000026B0000-0x00000000026D0000-memory.dmp

Filesize
128KB

Download
memory/1616-1-0x00000000024A0000-0x00000000024C0000-memory.dmp

Filesize
128KB

Download
memory/1616-10-0x00000000024A0000-0x00000000024C0000-memory.dmp

Filesize
128KB

Download
memory/1616-13-0x00000000024E0000-0x0000000002500000-memory.dmp

Filesize
128KB

Download
memory/1616-12-0x00000000024C0000-0x00000000024E0000-memory.dmp

Filesize
128KB

Download
memory/1616-11-0x0000000002480000-0x00000000024A0000-memory.dmp

Filesize
128KB

Download
memory/1616-14-0x0000000002590000-0x00000000025B0000-memory.dmp

Filesize
128KB

Download
memory/1616-15-0x00000000026B0000-0x00000000026D0000-memory.dmp

Filesize
128KB

Download
memory/1616-18-0x00000000027A0000-0x00000000027C0000-memory.dmp

Filesize
128KB

Download
memory/1616-17-0x00000000026F0000-0x0000000002710000-memory.dmp

Filesize
128KB

Download
memory/1616-16-0x00000000026D0000-0x00000000026F0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads