xmrig | 115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319

Analysis

max time kernel
110s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
Size

1.2MB
MD5

0051a1bd9a0bf741103f02bff875cab0
SHA1

7ac520b6dfda32e92dcb8ce289c9e76f2dfdb8ee
SHA256

115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319
SHA512

0c874f2fe4ddc47f9c1f47bfeb4e76120e47a587d92da23f61163e9c6b31c82ce3e102a67fd42ddf0be78989561270f3efeab922e1c2e177a44ae26cc9f93638
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlgQ5aILMCfmAUhrSO1YNqt:knw9oUUEEDld5aIwC+AUBss

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/3436-110-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp	xmrig
behavioral2/memory/3076-111-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp	xmrig
behavioral2/memory/3208-113-0x00007FF652C20000-0x00007FF653011000-memory.dmp	xmrig
behavioral2/memory/4660-112-0x00007FF652A80000-0x00007FF652E71000-memory.dmp	xmrig
behavioral2/memory/2324-114-0x00007FF621290000-0x00007FF621681000-memory.dmp	xmrig
behavioral2/memory/1816-115-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp	xmrig
behavioral2/memory/2184-116-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp	xmrig
behavioral2/memory/3284-118-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp	xmrig
behavioral2/memory/1636-119-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp	xmrig
behavioral2/memory/3152-117-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp	xmrig
behavioral2/memory/4932-120-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp	xmrig
behavioral2/memory/4540-121-0x00007FF667B80000-0x00007FF667F71000-memory.dmp	xmrig
behavioral2/memory/2932-123-0x00007FF643520000-0x00007FF643911000-memory.dmp	xmrig
behavioral2/memory/3424-124-0x00007FF65D4C0000-0x00007FF65D8B1000-memory.dmp	xmrig
behavioral2/memory/2200-125-0x00007FF7EC080000-0x00007FF7EC471000-memory.dmp	xmrig
behavioral2/memory/1356-122-0x00007FF6F0FE0000-0x00007FF6F13D1000-memory.dmp	xmrig
behavioral2/memory/4836-126-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp	xmrig
behavioral2/memory/3944-127-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp	xmrig
behavioral2/memory/2304-128-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	xmrig
behavioral2/memory/4920-130-0x00007FF705580000-0x00007FF705971000-memory.dmp	xmrig
behavioral2/memory/3276-129-0x00007FF604590000-0x00007FF604981000-memory.dmp	xmrig
behavioral2/memory/4952-131-0x00007FF680430000-0x00007FF680821000-memory.dmp	xmrig
behavioral2/memory/2304-150-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	xmrig
behavioral2/memory/2304-151-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	xmrig
behavioral2/memory/3276-217-0x00007FF604590000-0x00007FF604981000-memory.dmp	xmrig
behavioral2/memory/4836-219-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp	xmrig
behavioral2/memory/4952-223-0x00007FF680430000-0x00007FF680821000-memory.dmp	xmrig
behavioral2/memory/3436-226-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp	xmrig
behavioral2/memory/3944-227-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp	xmrig
behavioral2/memory/3076-229-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp	xmrig
behavioral2/memory/4660-231-0x00007FF652A80000-0x00007FF652E71000-memory.dmp	xmrig
behavioral2/memory/4920-222-0x00007FF705580000-0x00007FF705971000-memory.dmp	xmrig
behavioral2/memory/1636-238-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp	xmrig
behavioral2/memory/1816-241-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp	xmrig
behavioral2/memory/4932-247-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp	xmrig
behavioral2/memory/3208-245-0x00007FF652C20000-0x00007FF653011000-memory.dmp	xmrig
behavioral2/memory/2184-240-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp	xmrig
behavioral2/memory/3284-235-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp	xmrig
behavioral2/memory/3152-234-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp	xmrig
behavioral2/memory/2324-244-0x00007FF621290000-0x00007FF621681000-memory.dmp	xmrig
behavioral2/memory/2200-251-0x00007FF7EC080000-0x00007FF7EC471000-memory.dmp	xmrig
behavioral2/memory/1356-257-0x00007FF6F0FE0000-0x00007FF6F13D1000-memory.dmp	xmrig
behavioral2/memory/2932-256-0x00007FF643520000-0x00007FF643911000-memory.dmp	xmrig
behavioral2/memory/4540-250-0x00007FF667B80000-0x00007FF667F71000-memory.dmp	xmrig
behavioral2/memory/3424-253-0x00007FF65D4C0000-0x00007FF65D8B1000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
3276	VXAvqZe.exe
4920	gBezghW.exe
4836	gqrmJaH.exe
4952	FeUSuRK.exe
3944	eBrsNhX.exe
3436	HSDoaTk.exe
3076	XSmRrKA.exe
4660	wYKfYGB.exe
3208	stPUGsG.exe
2324	QszktSN.exe
1816	hRWEEpb.exe
2184	EpOzZIF.exe
3152	kyRBQDY.exe
3284	kclKoTL.exe
1636	kyNEaDW.exe
4932	nJPJneo.exe
4540	BoDfEhN.exe
1356	ibvySCl.exe
2932	dXgDjdo.exe
3424	cjOqCrw.exe
2200	KiAHsha.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2304-0-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	upx
behavioral2/files/0x000900000002346d-4.dat	upx
behavioral2/files/0x00070000000234cd-16.dat	upx
behavioral2/memory/4920-21-0x00007FF705580000-0x00007FF705971000-memory.dmp	upx
behavioral2/files/0x00070000000234cb-23.dat	upx
behavioral2/files/0x00070000000234d0-38.dat	upx
behavioral2/files/0x00070000000234d1-43.dat	upx
behavioral2/files/0x00070000000234d4-58.dat	upx
behavioral2/files/0x00070000000234d5-63.dat	upx
behavioral2/files/0x00070000000234d7-71.dat	upx
behavioral2/files/0x00070000000234d8-78.dat	upx
behavioral2/files/0x00070000000234da-86.dat	upx
behavioral2/files/0x00070000000234dd-103.dat	upx
behavioral2/files/0x00070000000234de-107.dat	upx
behavioral2/files/0x00070000000234dc-98.dat	upx
behavioral2/files/0x00070000000234db-93.dat	upx
behavioral2/files/0x00070000000234d9-83.dat	upx
behavioral2/files/0x00070000000234d6-68.dat	upx
behavioral2/memory/4952-109-0x00007FF680430000-0x00007FF680821000-memory.dmp	upx
behavioral2/files/0x00070000000234d3-53.dat	upx
behavioral2/memory/3436-110-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-48.dat	upx
behavioral2/files/0x00070000000234cf-33.dat	upx
behavioral2/files/0x00070000000234ce-31.dat	upx
behavioral2/files/0x00070000000234cc-25.dat	upx
behavioral2/memory/3276-9-0x00007FF604590000-0x00007FF604981000-memory.dmp	upx
behavioral2/memory/3076-111-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp	upx
behavioral2/memory/3208-113-0x00007FF652C20000-0x00007FF653011000-memory.dmp	upx
behavioral2/memory/4660-112-0x00007FF652A80000-0x00007FF652E71000-memory.dmp	upx
behavioral2/memory/2324-114-0x00007FF621290000-0x00007FF621681000-memory.dmp	upx
behavioral2/memory/1816-115-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp	upx
behavioral2/memory/2184-116-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp	upx
behavioral2/memory/3284-118-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp	upx
behavioral2/memory/1636-119-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp	upx
behavioral2/memory/3152-117-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp	upx
behavioral2/memory/4932-120-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp	upx
behavioral2/memory/4540-121-0x00007FF667B80000-0x00007FF667F71000-memory.dmp	upx
behavioral2/memory/2932-123-0x00007FF643520000-0x00007FF643911000-memory.dmp	upx
behavioral2/memory/3424-124-0x00007FF65D4C0000-0x00007FF65D8B1000-memory.dmp	upx
behavioral2/memory/2200-125-0x00007FF7EC080000-0x00007FF7EC471000-memory.dmp	upx
behavioral2/memory/1356-122-0x00007FF6F0FE0000-0x00007FF6F13D1000-memory.dmp	upx
behavioral2/memory/4836-126-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp	upx
behavioral2/memory/3944-127-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp	upx
behavioral2/memory/2304-128-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	upx
behavioral2/memory/4920-130-0x00007FF705580000-0x00007FF705971000-memory.dmp	upx
behavioral2/memory/3276-129-0x00007FF604590000-0x00007FF604981000-memory.dmp	upx
behavioral2/memory/4952-131-0x00007FF680430000-0x00007FF680821000-memory.dmp	upx
behavioral2/memory/2304-150-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	upx
behavioral2/memory/2304-151-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp	upx
behavioral2/memory/3276-217-0x00007FF604590000-0x00007FF604981000-memory.dmp	upx
behavioral2/memory/4836-219-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp	upx
behavioral2/memory/4952-223-0x00007FF680430000-0x00007FF680821000-memory.dmp	upx
behavioral2/memory/3436-226-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp	upx
behavioral2/memory/3944-227-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp	upx
behavioral2/memory/3076-229-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp	upx
behavioral2/memory/4660-231-0x00007FF652A80000-0x00007FF652E71000-memory.dmp	upx
behavioral2/memory/4920-222-0x00007FF705580000-0x00007FF705971000-memory.dmp	upx
behavioral2/memory/1636-238-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp	upx
behavioral2/memory/1816-241-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp	upx
behavioral2/memory/4932-247-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp	upx
behavioral2/memory/3208-245-0x00007FF652C20000-0x00007FF653011000-memory.dmp	upx
behavioral2/memory/2184-240-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp	upx
behavioral2/memory/3284-235-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp	upx
behavioral2/memory/3152-234-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp	upx

Drops file in System32 directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System32\hRWEEpb.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\EpOzZIF.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\kyRBQDY.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\XSmRrKA.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\wYKfYGB.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\QszktSN.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\FeUSuRK.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\ibvySCl.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\cjOqCrw.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\stPUGsG.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\kclKoTL.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\nJPJneo.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\dXgDjdo.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\gqrmJaH.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\eBrsNhX.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\HSDoaTk.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\BoDfEhN.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\KiAHsha.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\VXAvqZe.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\gBezghW.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
File created	C:\Windows\System32\kyNEaDW.exe	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
Token: SeLockMemoryPrivilege	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3276	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	83
PID 2304 wrote to memory of 3276	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	83
PID 2304 wrote to memory of 4920	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	84
PID 2304 wrote to memory of 4920	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	84
PID 2304 wrote to memory of 4952	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	85
PID 2304 wrote to memory of 4952	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	85
PID 2304 wrote to memory of 4836	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	86
PID 2304 wrote to memory of 4836	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	86
PID 2304 wrote to memory of 3944	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	87
PID 2304 wrote to memory of 3944	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	87
PID 2304 wrote to memory of 3436	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	88
PID 2304 wrote to memory of 3436	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	88
PID 2304 wrote to memory of 3076	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	89
PID 2304 wrote to memory of 3076	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	89
PID 2304 wrote to memory of 4660	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	90
PID 2304 wrote to memory of 4660	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	90
PID 2304 wrote to memory of 3208	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	91
PID 2304 wrote to memory of 3208	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	91
PID 2304 wrote to memory of 2324	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	92
PID 2304 wrote to memory of 2324	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	92
PID 2304 wrote to memory of 1816	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	93
PID 2304 wrote to memory of 1816	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	93
PID 2304 wrote to memory of 2184	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	94
PID 2304 wrote to memory of 2184	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	94
PID 2304 wrote to memory of 3152	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	95
PID 2304 wrote to memory of 3152	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	95
PID 2304 wrote to memory of 3284	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	96
PID 2304 wrote to memory of 3284	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	96
PID 2304 wrote to memory of 1636	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	97
PID 2304 wrote to memory of 1636	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	97
PID 2304 wrote to memory of 4932	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	98
PID 2304 wrote to memory of 4932	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	98
PID 2304 wrote to memory of 4540	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	99
PID 2304 wrote to memory of 4540	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	99
PID 2304 wrote to memory of 1356	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	100
PID 2304 wrote to memory of 1356	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	100
PID 2304 wrote to memory of 2932	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	101
PID 2304 wrote to memory of 2932	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	101
PID 2304 wrote to memory of 3424	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	102
PID 2304 wrote to memory of 3424	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	102
PID 2304 wrote to memory of 2200	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	103
PID 2304 wrote to memory of 2200	2304	115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe	103

C:\Users\Admin\AppData\Local\Temp\115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe
"C:\Users\Admin\AppData\Local\Temp\115046eb6841b156e51a641c4c9899bb5560480dd3f458524014b85a6d7e1319N.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System32\VXAvqZe.exe
  C:\Windows\System32\VXAvqZe.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System32\gBezghW.exe
  C:\Windows\System32\gBezghW.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System32\FeUSuRK.exe
  C:\Windows\System32\FeUSuRK.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System32\gqrmJaH.exe
  C:\Windows\System32\gqrmJaH.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System32\eBrsNhX.exe
  C:\Windows\System32\eBrsNhX.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System32\HSDoaTk.exe
  C:\Windows\System32\HSDoaTk.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System32\XSmRrKA.exe
  C:\Windows\System32\XSmRrKA.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System32\wYKfYGB.exe
  C:\Windows\System32\wYKfYGB.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System32\stPUGsG.exe
  C:\Windows\System32\stPUGsG.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System32\QszktSN.exe
  C:\Windows\System32\QszktSN.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System32\hRWEEpb.exe
  C:\Windows\System32\hRWEEpb.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System32\EpOzZIF.exe
  C:\Windows\System32\EpOzZIF.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System32\kyRBQDY.exe
  C:\Windows\System32\kyRBQDY.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System32\kclKoTL.exe
  C:\Windows\System32\kclKoTL.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System32\kyNEaDW.exe
  C:\Windows\System32\kyNEaDW.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System32\nJPJneo.exe
  C:\Windows\System32\nJPJneo.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System32\BoDfEhN.exe
  C:\Windows\System32\BoDfEhN.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System32\ibvySCl.exe
  C:\Windows\System32\ibvySCl.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System32\dXgDjdo.exe
  C:\Windows\System32\dXgDjdo.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System32\cjOqCrw.exe
  C:\Windows\System32\cjOqCrw.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System32\KiAHsha.exe
  C:\Windows\System32\KiAHsha.exe
  2⤵
  - Executes dropped EXE
  PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\BoDfEhN.exe

Filesize
1.2MB

MD5
7903ea0ca67a9f3a88ff2688786ea567

SHA1
d2efb9471a0752981318998e84eae045bee64997

SHA256
170c9a2facde8da35e370ae166e58b2cc76525a354d526948e6e76cf8e2e2b61

SHA512
4d0fff8d257e7efd581da85ff556e382e368723607946c06b81ca8973861844caa8166cb0c3795a6ce3f70bc78ca9422d35791868d017e63699a1a2cfeb81cdc

Download Submit
C:\Windows\System32\EpOzZIF.exe

Filesize
1.2MB

MD5
8a7bd11fa929a6941b2a0a3d07e4096f

SHA1
31b07d290ff797a4058a69e48f7e6b3f2c4d2399

SHA256
fd3be25fd760acb75166c1d86e86e67939cf1a89b3934bdd8b44feb8b4e08093

SHA512
915677dd09d316f91172ac10b02a27742284fd31240008fed2a055d9703987fd82e0f1ea84e06d88f08eebcdd35503a8ab58c9c02e13c39e4017788200f18737

Download Submit
C:\Windows\System32\FeUSuRK.exe

Filesize
1.2MB

MD5
0b1ab559f27fddc4de0508e69521e7a0

SHA1
7a509a9c4db66fd02e635ab4bd28e7a249619fbb

SHA256
b83d38d7c4bc67e59e72ec407d97cf3713c910c4b096c466a3b0449a68d37de0

SHA512
3ab6a421fb702498b927c1f4ee78ed2663d8ba3b59668f371316e327f3ea54f7108629f075760bc8898517fd9a410be2749ae0cfa17c520d9b4a120d804c45e6

Download Submit
C:\Windows\System32\HSDoaTk.exe

Filesize
1.2MB

MD5
b06d6e939eef3bcb653e61d63ac8ebc8

SHA1
c55768da31186f77bd78912027669f268d4bf7ea

SHA256
b9912513e1ffcb35acd98944c309d083363f46520e8028778d984b3ee7b18dc4

SHA512
c9092247c6f4dcd4a1b350d0e1581ec14e397680968bc24499e621f40675c46e218655a3f629187ab262799d1bc707613ae8a9b500b914013b8956e62bd34371

Download Submit
C:\Windows\System32\KiAHsha.exe

Filesize
1.2MB

MD5
53e7c3e205a32b264e041ecf38b01320

SHA1
aee906f1a588e4612f45ebd7757339a0d4daa785

SHA256
a9eb748889f925374f41a8d5b3e151afd99f43b1858c35d19c2badc69330b25d

SHA512
2b6effd0fea6ab98667ebb657b91f55f0dfc38516187f511636f79a53da7fee038b1fb6215a23b7bdc93ce03d5e9f2075eeb61c5c68f0c7664073021e59d15ab

Download Submit
C:\Windows\System32\QszktSN.exe

Filesize
1.2MB

MD5
a3c374699407e471ab312ac7fedfc2f3

SHA1
7fa44f750488e9354a8c4b71d6ee2ac41e789fa9

SHA256
cbf80d5f4da70b1e956d166dcd29de877db7f5be1e832ef17064ed9e6adbd284

SHA512
9d30fa4ae2bbcb00fdcc970570513bb9d2f9a199a5896eb49be3dd8e6e5f3bad1a343527e418009489dd81e456a67b7648356b7919ffa122560bc98abeb0d650

Download Submit
C:\Windows\System32\VXAvqZe.exe

Filesize
1.2MB

MD5
06a41149e5547b7ed279c961fe9b324c

SHA1
ae6606157db181609e8726591e07dec43fbb5976

SHA256
79e7a45c4c43bad96dd729703f103bd99f369d8b01ebed1f62c2917b8e42bdee

SHA512
b88f0b09509a030ca7ebe08c3d863cd51ab26fdd70805d90fa95f1f2d14ed714765f13719fa830399677f5d60af9c8e73072282e87613640350f66752d8b9669

Download Submit
C:\Windows\System32\XSmRrKA.exe

Filesize
1.2MB

MD5
0d19521497b4bc9afc22badbfdea49fa

SHA1
2544bfb0258851693b5e7887f4161dc33b73b1f6

SHA256
9d1a5a87370bc768e97f6d5d6dd00cca87f7404b4dd327f53c184c1af171ebb5

SHA512
5587e291d90e82c1bf9a4797fa4f878e754a49d781a6ac827c2c428d602560596c24d351200b3343f172770b8f07be92c6f677905902c6d09e75aaf2fbf13ab2

Download Submit
C:\Windows\System32\cjOqCrw.exe

Filesize
1.2MB

MD5
c7bf004b844f39ca5a8511bd17175598

SHA1
a9caf24c2ab640d91ddab4b9f392b3cbed65a61d

SHA256
2cd28c3cfba636ed4c32f475da4f63ccf9f291c5ea6d36e4d3cbf78412891fc5

SHA512
4d8d59c4bc34a416ae75a811ce9f107e53c3fee2bf09bc3cb98ade26b9403a5f69509f2ab525a6e3712dab1a1458f461469348fc3663b31f15dd8cbce227d8ea

Download Submit
C:\Windows\System32\dXgDjdo.exe

Filesize
1.2MB

MD5
a876650d4119689a721136c643c91126

SHA1
a9327fb30f8a224b224305c1e34f704f09261f10

SHA256
089e5e3ac9fcca1bf1e4922403f667fc71bcaeba617fc095bc321142c609d55b

SHA512
aa11836c91db0eebfca80f67cebec86ea826adad272b14a8b2be9b699b01643d19b87ec8236ce255f453069d606e6ec6b5cabfdde30a2117c96b3df8ca338d54

Download Submit
C:\Windows\System32\eBrsNhX.exe

Filesize
1.2MB

MD5
1020c6f0fd07a5a3d5cd03cc1238b0a4

SHA1
e22f0a7efe889d74b9e6f25ddf74a09ee79def03

SHA256
496c07592c5f545c7dbd277d6d0e073af4bf09bf7e5f19ffcc5fcc7ad4eb680f

SHA512
f4e6b0d4b008cd1a9bdbf9b89fa78f35c82ab459ae4e511a3b6334dff42f03224392f67a1364dbdc519d7c3746bf2a5e6e2cafc1278fd1dcf1aac8b002496566

Download Submit
C:\Windows\System32\gBezghW.exe

Filesize
1.2MB

MD5
7b276ad190e22bcb2f060f01a20cfd97

SHA1
a102cdc2b1af0966bbef291302663e142c1f38e9

SHA256
ce4f443f2c71bed06f3a22839c6e3fc85f82bf9a7fd8aed93754bc3491c2e78f

SHA512
c16f7ef26a7fe545a625aa46aeff30fd76212fedaa1c70354dcde4a0dacc7905729c16c451dbaf6c212c8489d6dbfd963bfa42d860ced6ad4904a9c341b45d8a

Download Submit
C:\Windows\System32\gqrmJaH.exe

Filesize
1.2MB

MD5
f882d09c7822b3c4ec465cb369440d11

SHA1
2eb01f5fc5843e9e474c2f300e877cf160aab80d

SHA256
36d4b15e0841629cc2d8b71c266e70d6e5ac3c574470816b7f4e26d057fd90b9

SHA512
dee55d03063b5f5bde216411f2df3b77e1b3357d6dc11d1154f4efdc906cabed34186fe52fc246cc00f8e7ec7b7fe9a04d4ac3ad6a66be83cd147f9c6754158b

Download Submit
C:\Windows\System32\hRWEEpb.exe

Filesize
1.2MB

MD5
6a0de17dbb811718dafc710230e86259

SHA1
996cb61090902054e9cdfb81d6d9774fda821f73

SHA256
7377e232e0f6881bacb3aab0ad68def6f22aa84fe3aae676be7c42119daa36c6

SHA512
59506166981ef1ee0d6e0e851bb5418bf5ddd67dd9d5051287bffd0371583909f8b5b578e873a5f3e117ad49d7fa6658ff8fde1e46e959d05be25b8366108394

Download Submit
C:\Windows\System32\ibvySCl.exe

Filesize
1.2MB

MD5
0e31d2e9434a94bfdbbded7bc2e86a9c

SHA1
a278f50682cb0f805ccbe7b45e4dbf2ec5396698

SHA256
82ac9be6ca6047650e5a371ced79bacca72f14e955297de26c385690fa832f6c

SHA512
02dd8a89840e1718d563bf3a78fb2f9ea38195660f80e90511fb437ad5d12deebcb85f8e8fb653a74d67951284408c26c908ba7af418472dcee659b55d654991

Download Submit
C:\Windows\System32\kclKoTL.exe

Filesize
1.2MB

MD5
33916595f6928243575fb2dcb52ff701

SHA1
504126059247d37b2633ab3b466a9e423c039a06

SHA256
19a0ac07be389a37b81f9f144c1d2c4880aa5dce450d4a49426061326559766b

SHA512
d359b468b101f6f63ad1213186b88400c07593412effcef7704a077320a405c985e7b711006df260e20af5ed9c2790c6acd09382033d08e1d5ea044506698f74

Download Submit
C:\Windows\System32\kyNEaDW.exe

Filesize
1.2MB

MD5
1e451cade7a9aa9a7c5771401b01c884

SHA1
fd8870143cd6282084763651fe88f212a18b04ea

SHA256
3ded5ee79a2622860ce276e3b36bdf698f5bc65c5e0e74b8d80810e6ad0366d6

SHA512
b29d2b192cbc14fe2b40278ad0b2c3c06196ca2cc89c85d7a3ef8e5d352dc56c2c5885ce3b01dfbfd737a90a9d13c8a3b707a931be1e18fe275775e1f250e0d9

Download Submit
C:\Windows\System32\kyRBQDY.exe

Filesize
1.2MB

MD5
75d44a3db41f86001b8f01f58d486c74

SHA1
ea306c0672e687fb68c149d2f157143ab6cfd216

SHA256
8475d83deef834aeacee238cec8313a828a7fa0ebffce6a9e4663fb9c0c019f9

SHA512
e00c5cf24713940b54d49f39c265b163d32e0e1749cf6d9660e578c2940f7d4cbb38ccd03bf0d15481d615e486e0ab7e2f2289b9e8fc0d3623eb3cf149bc9b18

Download Submit
C:\Windows\System32\nJPJneo.exe

Filesize
1.2MB

MD5
7bb53c00ecd74034ab38d54d6abfb5bd

SHA1
fa8c9550d90ea71f459c71cacf8385e98a34f172

SHA256
ffc926bde9de50879cf95451f298e7cae337d511523141c2c1261ecaecca00b3

SHA512
77b0aed28ccf167b149103fafd9e64abda1c075447f6493656ade41b0123fb8301863837ea6d9468b92f705e0966e58cbaa4f9163ba8b568ab03fea253fe90b7

Download Submit
C:\Windows\System32\stPUGsG.exe

Filesize
1.2MB

MD5
75aab6dbfdf2650216881703ceec22a2

SHA1
1d423bdf56e41a6fce15d6810136e1f87bb02254

SHA256
1e3d986e19993cc69ada4c48488dfed960645eb2eeee9d4bfd7fb0e42a0c3dba

SHA512
8b8243ac0217dd225486c313e5647774dd7a2d9c7298f7c5fececc632b282c20cf913ec8a567b2aa28d06b9a15e9972035d9ced377656feb5ed67cd61e32d142

Download Submit
C:\Windows\System32\wYKfYGB.exe

Filesize
1.2MB

MD5
1ee93937c1a671f98c799eaf47de4d6d

SHA1
009545717190b04c811a8c7cbfca3a4b436602e8

SHA256
a22f5610d3f9bdeb3454b84734a46b56853db0bb607120a22a34faa7dbbe16d3

SHA512
341cc42c3a86c265d3c9e413fa397d1688b6da0b1682939ed3a08813f644774888082dcab83502836977307bf7809ca0b4fe0b6e3fbd69604db5cff3884a9221

Download Submit
memory/1356-257-0x00007FF6F0FE0000-0x00007FF6F13D1000-memory.dmp

Filesize
3.9MB

Download
memory/1356-122-0x00007FF6F0FE0000-0x00007FF6F13D1000-memory.dmp

Filesize
3.9MB

Download
memory/1636-119-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp

Filesize
3.9MB

Download
memory/1636-238-0x00007FF77AA80000-0x00007FF77AE71000-memory.dmp

Filesize
3.9MB

Download
memory/1816-241-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp

Filesize
3.9MB

Download
memory/1816-115-0x00007FF7A8780000-0x00007FF7A8B71000-memory.dmp

Filesize
3.9MB

Download
memory/2184-116-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp

Filesize
3.9MB

Download
memory/2184-240-0x00007FF7E03F0000-0x00007FF7E07E1000-memory.dmp

Filesize
3.9MB

Download
memory/2200-251-0x00007FF7EC080000-0x00007FF7EC471000-memory.dmp

Filesize
3.9MB

Download
memory/2200-125-0x00007FF7EC080000-0x00007FF7EC471000-memory.dmp

Filesize
3.9MB

Download
memory/2304-151-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp

Filesize
3.9MB

Download
memory/2304-1-0x0000018884A60000-0x0000018884A70000-memory.dmp

Filesize
64KB

Download
memory/2304-0-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp

Filesize
3.9MB

Download
memory/2304-150-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp

Filesize
3.9MB

Download
memory/2304-128-0x00007FF7230F0000-0x00007FF7234E1000-memory.dmp

Filesize
3.9MB

Download
memory/2324-244-0x00007FF621290000-0x00007FF621681000-memory.dmp

Filesize
3.9MB

Download
memory/2324-114-0x00007FF621290000-0x00007FF621681000-memory.dmp

Filesize
3.9MB

Download
memory/2932-256-0x00007FF643520000-0x00007FF643911000-memory.dmp

Filesize
3.9MB

Download
memory/2932-123-0x00007FF643520000-0x00007FF643911000-memory.dmp

Filesize
3.9MB

Download
memory/3076-229-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp

Filesize
3.9MB

Download
memory/3076-111-0x00007FF75A000000-0x00007FF75A3F1000-memory.dmp

Filesize
3.9MB

Download
memory/3152-117-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp

Filesize
3.9MB

Download
memory/3152-234-0x00007FF7DBA00000-0x00007FF7DBDF1000-memory.dmp

Filesize
3.9MB

Download
memory/3208-245-0x00007FF652C20000-0x00007FF653011000-memory.dmp

Filesize
3.9MB

Download
memory/3208-113-0x00007FF652C20000-0x00007FF653011000-memory.dmp

Filesize
3.9MB

Download
memory/3276-217-0x00007FF604590000-0x00007FF604981000-memory.dmp

Filesize
3.9MB

Download
memory/3276-9-0x00007FF604590000-0x00007FF604981000-memory.dmp

Filesize
3.9MB

Download
memory/3276-129-0x00007FF604590000-0x00007FF604981000-memory.dmp

Filesize
3.9MB

Download
memory/3284-118-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp

Filesize
3.9MB

Download
memory/3284-235-0x00007FF75C7E0000-0x00007FF75CBD1000-memory.dmp

Filesize
3.9MB

Download
memory/3424-124-0x00007FF65D4C0000-0x00007FF65D8B1000-memory.dmp

Filesize
3.9MB

Download
memory/3424-253-0x00007FF65D4C0000-0x00007FF65D8B1000-memory.dmp

Filesize
3.9MB

Download
memory/3436-226-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp

Filesize
3.9MB

Download
memory/3436-110-0x00007FF75A1D0000-0x00007FF75A5C1000-memory.dmp

Filesize
3.9MB

Download
memory/3944-127-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp

Filesize
3.9MB

Download
memory/3944-227-0x00007FF7523D0000-0x00007FF7527C1000-memory.dmp

Filesize
3.9MB

Download
memory/4540-121-0x00007FF667B80000-0x00007FF667F71000-memory.dmp

Filesize
3.9MB

Download
memory/4540-250-0x00007FF667B80000-0x00007FF667F71000-memory.dmp

Filesize
3.9MB

Download
memory/4660-231-0x00007FF652A80000-0x00007FF652E71000-memory.dmp

Filesize
3.9MB

Download
memory/4660-112-0x00007FF652A80000-0x00007FF652E71000-memory.dmp

Filesize
3.9MB

Download
memory/4836-219-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp

Filesize
3.9MB

Download
memory/4836-126-0x00007FF7979E0000-0x00007FF797DD1000-memory.dmp

Filesize
3.9MB

Download
memory/4920-130-0x00007FF705580000-0x00007FF705971000-memory.dmp

Filesize
3.9MB

Download
memory/4920-21-0x00007FF705580000-0x00007FF705971000-memory.dmp

Filesize
3.9MB

Download
memory/4920-222-0x00007FF705580000-0x00007FF705971000-memory.dmp

Filesize
3.9MB

Download
memory/4932-247-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp

Filesize
3.9MB

Download
memory/4932-120-0x00007FF6BAC10000-0x00007FF6BB001000-memory.dmp

Filesize
3.9MB

Download
memory/4952-223-0x00007FF680430000-0x00007FF680821000-memory.dmp

Filesize
3.9MB

Download
memory/4952-131-0x00007FF680430000-0x00007FF680821000-memory.dmp

Filesize
3.9MB

Download
memory/4952-109-0x00007FF680430000-0x00007FF680821000-memory.dmp

Filesize
3.9MB

Download