xmrig | c5d5d86e51d8626be256fff486b4724275cf3b5532cd1d4ddfaeb9bdbdc172c2

max time kernel
290s
max time network
292s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/09/2024, 09:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TEST POP/Start-Salvium.bat
Size

102B
MD5

f6c3ca8b6489dd2343401ed0610a47ce
SHA1

1d6342ce8af33a4ba298d7b5e619502a7dbfe195
SHA256

1496fedb69b8dd719ebe2413ad6d59c5277d928bff1a86df265dee9060a007a0
SHA512

089a357fe5cd949df1b997a52e65fccf2ed2d493b40b86f896a1d79c26b94544a66a4aaba12ee3a7511a721c795a9728011d18d334f6663a563ad0bbbba0ee1b

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 29 IoCs

miner

resource	yara_rule
behavioral4/memory/592-2-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-3-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-6-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-9-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-10-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-11-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-12-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-13-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-14-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-15-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-16-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-17-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-18-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-19-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-20-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-21-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-22-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-23-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-24-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-25-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-26-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-27-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-28-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-29-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-30-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-31-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-32-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-33-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-34-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	592	xmrig.exe
Token: SeLockMemoryPrivilege	592	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
592	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 592	4448	cmd.exe	74
PID 4448 wrote to memory of 592	4448	cmd.exe	74

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Salvium.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
  xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:592

Network

DNS

sal.kryptex.network

xmrig.exe

Remote address:

8.8.8.8:53

Request

sal.kryptex.network

IN A

Response

sal.kryptex.network

IN A

5.9.61.230
DNS

230.61.9.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.61.9.5.in-addr.arpa

IN PTR

Response

230.61.9.5.in-addr.arpa

IN PTR

static2306195clientsyour-serverde
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

175.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.117.168.52.in-addr.arpa

IN PTR

Response
DNS

68.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.144.22.2.in-addr.arpa

IN PTR

Response

68.144.22.2.in-addr.arpa

IN PTR

a2-22-144-68deploystaticakamaitechnologiescom
DNS

102.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

102.144.22.2.in-addr.arpa

IN PTR

Response

102.144.22.2.in-addr.arpa

IN PTR

a2-22-144-102deploystaticakamaitechnologiescom

5.9.61.230:7777

sal.kryptex.network

xmrig.exe

1.9kB
3.6kB
21
18

8.8.8.8:53

sal.kryptex.network

dns

xmrig.exe

65 B
81 B
1
1

DNS Request

sal.kryptex.network

DNS Response

5.9.61.230
8.8.8.8:53

230.61.9.5.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

230.61.9.5.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

175.117.168.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

175.117.168.52.in-addr.arpa
8.8.8.8:53

68.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

68.144.22.2.in-addr.arpa
8.8.8.8:53

102.144.22.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

102.144.22.2.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/592-0-0x000001FD62900000-0x000001FD62920000-memory.dmp

Filesize
128KB

Download
memory/592-1-0x000001FDF6340000-0x000001FDF6360000-memory.dmp

Filesize
128KB

Download
memory/592-2-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-3-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-5-0x000001FDF6780000-0x000001FDF67A0000-memory.dmp

Filesize
128KB

Download
memory/592-4-0x000001FDF69B0000-0x000001FDF69D0000-memory.dmp

Filesize
128KB

Download
memory/592-8-0x000001FDF6780000-0x000001FDF67A0000-memory.dmp

Filesize
128KB

Download
memory/592-7-0x000001FDF69B0000-0x000001FDF69D0000-memory.dmp

Filesize
128KB

Download
memory/592-6-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-9-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-10-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-11-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-12-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-13-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-14-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-15-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-16-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-17-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-18-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-19-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-20-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-21-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-22-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-23-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-24-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-25-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-26-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-27-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-28-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-29-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-30-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-31-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-32-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-33-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-34-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.