Overview

overview

10

Static

static

10

ETC XMR4/start.bat

windows7-x64

1

ETC XMR4/start.bat

windows10-1703-x64

1

ETC XMR4/start.bat

windows10-2004-x64

1

ETC XMR4/start.bat

windows11-21h2-x64

1

Resubmissions

01/09/2024, 20:26

240901-y75dpa1fjg 10

01/09/2024, 19:46

240901-yg3r6szekl 10

01/09/2024, 19:11

240901-xvwqcazaqr 10

01/09/2024, 18:52

240901-xh9rfayfrr 10

Analysis

  • max time kernel
    844s
  • max time network
    919s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ETC XMR4/start.bat

  • Size

    110B

  • MD5

    5b696af5c780a7699a22b945dc062927

  • SHA1

    1f2a9887f83d7224ed710179da51080923fd1d7b

  • SHA256

    316e23befc16b34bfbe4b4adcf8d319b1af134ad51577e09a2b5a09ded70a781

  • SHA512

    c6f4b96c16b74dc93e4150d3bfb37d87fef49b49d1d1d3644528d399ba2ea9ae11ef309ae203fca3d6d19810bdbbf1ec6af36565e2f5fb17f1d24b06ae493685

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ETC XMR4\start.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Users\Admin\AppData\Local\Temp\ETC XMR4\xmrig.exe
      xmrig.exe -o rx.unmineable.com:3333 -a rx -k -u BTC:bc1qvqn8wzhgdh8xfy2klz9f5r4q882fpl840e472e.cpu -p x
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2328-0-0x0000000000080000-0x00000000000A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2328-2-0x0000000000530000-0x0000000000550000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2328-1-0x00000000004A0000-0x00000000004C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2328-3-0x00000000004A0000-0x00000000004C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2328-4-0x0000000000530000-0x0000000000550000-memory.dmp

    Filesize

    128KB

    Download