xmrig | c5d5d86e51d8626be256fff486b4724275cf3b5532cd1d4ddfaeb9bdbdc172c2

max time kernel
290s
max time network
292s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/09/2024, 09:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TEST POP/Start-Salvium.bat
Size

102B
MD5

f6c3ca8b6489dd2343401ed0610a47ce
SHA1

1d6342ce8af33a4ba298d7b5e619502a7dbfe195
SHA256

1496fedb69b8dd719ebe2413ad6d59c5277d928bff1a86df265dee9060a007a0
SHA512

089a357fe5cd949df1b997a52e65fccf2ed2d493b40b86f896a1d79c26b94544a66a4aaba12ee3a7511a721c795a9728011d18d334f6663a563ad0bbbba0ee1b

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 29 IoCs

miner

resource	yara_rule
behavioral4/memory/592-2-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-3-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-6-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-9-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-10-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-11-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-12-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-13-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-14-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-15-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-16-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-17-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-18-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-19-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-20-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-21-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-22-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-23-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-24-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-25-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-26-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-27-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-28-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-29-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-30-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-31-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-32-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-33-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig
behavioral4/memory/592-34-0x00007FF653230000-0x00007FF653E62000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	592	xmrig.exe
Token: SeLockMemoryPrivilege	592	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
592	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 592	4448	cmd.exe	74
PID 4448 wrote to memory of 592	4448	cmd.exe	74

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Salvium.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
  xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user [email protected] -p x -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/592-0-0x000001FD62900000-0x000001FD62920000-memory.dmp

Filesize
128KB

Download
memory/592-1-0x000001FDF6340000-0x000001FDF6360000-memory.dmp

Filesize
128KB

Download
memory/592-2-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-3-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-5-0x000001FDF6780000-0x000001FDF67A0000-memory.dmp

Filesize
128KB

Download
memory/592-4-0x000001FDF69B0000-0x000001FDF69D0000-memory.dmp

Filesize
128KB

Download
memory/592-8-0x000001FDF6780000-0x000001FDF67A0000-memory.dmp

Filesize
128KB

Download
memory/592-7-0x000001FDF69B0000-0x000001FDF69D0000-memory.dmp

Filesize
128KB

Download
memory/592-6-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-9-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-10-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-11-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-12-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-13-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-14-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-15-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-16-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-17-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-18-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-19-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-20-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-21-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-22-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-23-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-24-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-25-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-26-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-27-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-28-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-29-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-30-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-31-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-32-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-33-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download
memory/592-34-0x00007FF653230000-0x00007FF653E62000-memory.dmp

Filesize
12.2MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads