Overview

overview

10

Static

static

10

ee28532011...0N.exe

windows7-x64

10

ee28532011...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ee2853201104059bcef04fedd663d270N.exe

  • Size

    1.3MB

  • Sample

    240715-rtnepavfjr

  • MD5

    ee2853201104059bcef04fedd663d270

  • SHA1

    a826f320329805243db301ab7ad365ee4aee2e32

  • SHA256

    36fbf1f2d4fade0f0de7f73896f82ecedc30aba25c925e7599d552d9d00bac72

  • SHA512

    7ecf80dc47cee2a7a838c0c4acd1387acc0f68bcfb087c3e660903ba25336b75a73fd525e0e300a22fc6111da275dd40b92e0a8268e549a6eb2ab14b3e52f75c

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xjZQ3oYJX:Lz071uv4BPMkFfdk2aVDI

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      ee2853201104059bcef04fedd663d270N.exe

    • Size

      1.3MB

    • MD5

      ee2853201104059bcef04fedd663d270

    • SHA1

      a826f320329805243db301ab7ad365ee4aee2e32

    • SHA256

      36fbf1f2d4fade0f0de7f73896f82ecedc30aba25c925e7599d552d9d00bac72

    • SHA512

      7ecf80dc47cee2a7a838c0c4acd1387acc0f68bcfb087c3e660903ba25336b75a73fd525e0e300a22fc6111da275dd40b92e0a8268e549a6eb2ab14b3e52f75c

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xjZQ3oYJX:Lz071uv4BPMkFfdk2aVDI

    Score
    10/10
    xmrigexecutionminerupx

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks