Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19-09-2024 06:45

General

  • Target

    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe

  • Size

    5.2MB

  • MD5

    099368f9fe6fd97b9a8a8cdad39a8a96

  • SHA1

    aa2ca2ad3f4fae8ce6152892ed9d51894800dcd6

  • SHA256

    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f

  • SHA512

    ad8e1aa20950de13afe40346c1031aca95df3e3dd4175204f3a2fc11dd39c56cab00f3885410e7be030bfdbe941fa305669e614370389e3c3b4d59cd35de02a3

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lP:RWWBibf56utgpPFotBER/mQ32lUT

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 15 IoCs
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
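The UPX signature above keys on what the packer leaves behind in the PE. As an added example (not part of this report and not the sandbox vendor's rule), the Python below builds a constructed minimal PE in memory, walks its section table, and applies the three cheapest UPX checks: stock section names (UPX0/UPX1), the `UPX!` packheader magic, and UPX's tell-tale layout, a first section with SizeOfRawData of 0 but a large VirtualSize that the stub decompresses into at run time. `build_min_pe` and its section specs are test fixtures, not bytes from the 5.2MB sample; `pe_sections` reads SizeOfOptionalHeader from the COFF header, so it walks a real file's table the same way.

```python
import struct


def build_min_pe(sections, trailer=b""):
    """Constructed test fixture (not bytes from the sample): the smallest PE
    layout the checks below need - DOS header, PE signature, COFF header,
    an empty optional header, then one IMAGE_SECTION_HEADER per
    (name, VirtualSize, SizeOfRawData) tuple, plus an optional trailer
    such as a packer magic string."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)
    # Machine=AMD64, NumberOfSections, three zeroed fields,
    # SizeOfOptionalHeader=0, Characteristics=EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    table = b""
    for i, (name, vsize, rawsize) in enumerate(sections):
        table += struct.pack(
            "<8sIIIIIIHHI",
            name.ljust(8, b"\x00"), vsize, 0x1000 * (i + 1), rawsize,
            0x400 if rawsize else 0, 0, 0, 0, 0, 0x60000020,
        )
    return dos + b"PE\x00\x00" + coff + table + trailer


def pe_sections(data):
    """Walk the section table; return (name, VirtualSize, SizeOfRawData) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    first = coff + 20 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, first + 40 * i)
        out.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, rawsize))
    return out


def upx_indicators(data):
    """Three cheap UPX tells, strongest first."""
    secs = pe_sections(data)
    names = [n for n, _, _ in secs]
    stock_names = any(n.startswith("UPX") for n in names)   # UPX0/UPX1/UPX2
    magic = b"UPX!" in data                                 # packheader magic
    # UPX's first section is the decompression target: nothing on disk,
    # a large virtual size that the stub fills at run time.
    layout = bool(secs) and secs[0][2] == 0 and secs[0][1] > 0
    if stock_names or magic:
        verdict = "upx"
    elif layout:
        verdict = "possibly modified upx"
    else:
        verdict = "no upx indicators"
    return {"sections": names, "upx_section_names": stock_names,
            "upx_magic": magic, "upx_layout": layout, "verdict": verdict}


if __name__ == "__main__":
    stock = build_min_pe([(b"UPX0", 0x200000, 0), (b"UPX1", 0x80000, 0x7F000),
                          (b".rsrc", 0x1000, 0x800)], trailer=b"UPX!")
    renamed = build_min_pe([(b".text", 0x200000, 0), (b".data", 0x80000, 0x7F000)])
    for label, blob in (("stock", stock), ("renamed", renamed)):
        print(label, upx_indicators(blob))
```

A rebuilt or hex-edited UPX can rename the sections and strip the magic, so a miss on the first two checks is not a clean bill of health; the layout check, and section entropy after it, are what catch "modified UPX". A hit is cheap to confirm: `upx -d` unpacks stock builds and refuses modified ones, and either way the process memory dumps further down this report hold the image after the stub has run.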

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe"
    PID: 2700
    Signatures: Suspicious use of AdjustPrivilegeToken

Network

    Destination          Process                                                                 Size    Packets
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3
    3.120.209.58:8080    1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe    152 B   3

    Other network tables: No results found
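The six flows above are identical: one process, one endpoint reached by raw IP, 152 bytes and 3 packets each, and nothing else recorded in the report's other network tables. The Python below is an added example, not part of the report, that turns that pattern into a triage heuristic: group flows by (process, destination, port), then flag groups that repeat with small, near-constant sizes. The flow tuples are constructed from the table above plus three made-up browser.exe flows as a negative case; the port set is an assumption listing ports commonly seen for pools and stratum proxies and acts as a weight, not as evidence.

```python
from collections import defaultdict
from statistics import mean, pstdev

SAMPLE = "1b779f0f654c7eb6205a1c9ee6d26c131ca8afb26ae97c6e04c85d56b8499e4f.exe"

# Constructed flow records shaped like the report's Network table:
# (process, destination ip, destination port, bytes, packets).
# The first six copy the flows listed above; the three browser.exe rows
# are made up here as a negative case.
FLOWS = [(SAMPLE, "3.120.209.58", 8080, 152, 3)] * 6 + [
    ("browser.exe", "93.184.216.34", 443, 4120, 9),
    ("browser.exe", "93.184.216.34", 443, 18774, 31),
    ("browser.exe", "93.184.216.34", 443, 2204, 7),
]

# Assumption: ports often seen for pools and stratum proxies. A weight only.
MINING_PORTS = {3333, 4444, 5555, 7777, 8080, 14444, 45700}


def beacon_candidates(flows, min_flows=3, max_bytes=512, max_spread=0.05):
    """Group by (process, dst ip, dst port) and flag groups where one
    process keeps opening small, near-identically sized flows to one
    endpoint - the shape a retrying or beaconing client leaves behind."""
    groups = defaultdict(list)
    for proc, ip, port, nbytes, pkts in flows:
        groups[(proc, ip, port)].append((nbytes, pkts))

    hits = []
    for (proc, ip, port), obs in groups.items():
        sizes = [b for b, _ in obs]
        if len(obs) < min_flows or max(sizes) > max_bytes:
            continue
        # relative spread of flow sizes; 0.0 when every flow is the same size
        spread = pstdev(sizes) / (mean(sizes) or 1)
        if spread > max_spread:
            continue
        hits.append({
            "process": proc,
            "endpoint": f"{ip}:{port}",
            "flows": len(obs),
            "bytes_each": sizes[0],
            "bytes_total": sum(sizes),
            "packets_total": sum(p for _, p in obs),
            "size_spread": spread,
            "mining_port": port in MINING_PORTS,
        })
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(FLOWS):
        print(hit)
```

The report alone does not show whether these connections completed or what was exchanged; 3 packets and 152 bytes per flow is as consistent with unanswered connection attempts as with a short exchange. Treat 3.120.209.58:8080 as an indicator to pivot on (pcap, other samples contacting the same endpoint) rather than as a confirmed pool.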

MITRE ATT&CK Matrix

Downloads

    Dump                                                               Filesize
    memory/2700-0-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-1-0x0000000000080000-0x0000000000090000-memory.dmp     64KB
    memory/2700-2-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-3-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-4-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-5-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-6-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-7-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-8-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-9-0x000000013FB10000-0x000000013FE61000-memory.dmp     3.3MB
    memory/2700-10-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-11-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-12-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-13-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-14-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-15-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
    memory/2700-16-0x000000013FB10000-0x000000013FE61000-memory.dmp    3.3MB
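The Downloads list is 17 snapshots of two regions in PID 2700: sixteen of 0x13FB10000-0x13FE61000 and one of 0x80000-0x90000. As an added example, not part of the report, the Python below parses the dump file names, recomputes each region's size from its bounds (0x351000 bytes, which rounds to the 3.3MB the report prints; 0x10000 is the 64KB region) and collapses the repeats so the two regions are visible at a glance. The name pattern is taken from the entries above; the constructed `DUMPS` list reproduces them, and the rounding in `human_size` is chosen to match the report's own figures.

```python
import re
from collections import Counter

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed from the Downloads list above: 16 dumps of the image range
# and one of a 64 KB region, all from PID 2700.
DUMPS = [
    "memory/2700-0-0x000000013FB10000-0x000000013FE61000-memory.dmp",
    "memory/2700-1-0x0000000000080000-0x0000000000090000-memory.dmp",
] + [
    f"memory/2700-{i}-0x000000013FB10000-0x000000013FE61000-memory.dmp"
    for i in range(2, 17)
]


def parse_dump_name(name):
    """Split a sandbox dump name into pid, snapshot index and address range."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def human_size(n):
    """Match the report's rounding: one decimal in MB, whole KB below 1 MB."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def summarize(names):
    """Collapse repeated snapshots of the same region into one row per region."""
    counts = Counter()
    size_of = {}
    for name in names:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        counts[key] += 1
        size_of[key] = d["size"]
    return [
        {"pid": pid, "start": hex(s), "end": hex(e),
         "size": human_size(size_of[(pid, s, e)]), "snapshots": n}
        for (pid, s, e), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    for row in summarize(DUMPS):
        print(row)
```

Sixteen captures of one 3.3MB range sitting just below 0x140000000, the default image base for 64-bit MSVC-linked executables, point at the sample's own image being dumped repeatedly once the UPX stub has unpacked it in place. That region, rather than the 5.2MB packed file on disk, is where string searches and YARA for the XMRig payload reported in the Signatures section are worth running.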
