Analysis

  • max time kernel
    131s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-09-2024 07:13

General

  • Target

    aa314ec195716719f1d763b5409a9cd1.exe

  • Size

    5.9MB

  • MD5

    aa314ec195716719f1d763b5409a9cd1

  • SHA1

    3a9e0a4e6371fccc6d5a8979e295e1052c6a6443

  • SHA256

    774fc5fe203787ee31e5d87d40648af71c6a7494a1803fb4cb320dbed0d3f722

  • SHA512

    bc0ecca07efd8703849e86696d43e8ad28ee9d077c087cfe74348460076e3ce42a7ec5d34636efdc639dd89ceef6fc6cdd5e04cea5908b6e11ddccff865c0610

  • SSDEEP

    98304:BemTLkNdfE0pZrT56utgpPFotBER/mQ32lUD:Q+u56utgpPF8u/7D

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa314ec195716719f1d763b5409a9cd1.exe
    "C:\Users\Admin\AppData\Local\Temp\aa314ec195716719f1d763b5409a9cd1.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1384

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1384-0-0x00007FF733330000-0x00007FF733684000-memory.dmp

    Filesize

    3.3MB

  • memory/1384-1-0x000001DC5AE20000-0x000001DC5AE30000-memory.dmp

    Filesize

    64KB

  • memory/1384-2-0x00007FF733330000-0x00007FF733684000-memory.dmp

    Filesize

    3.3MB