xmrig | f4e392a2ecbedfce9f6eeeefeae67eb556bd34be30c2d16a2686c7bdc946dd64

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 19:27

Target

ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe
Size

5.7MB
MD5

ee45f419dcd3d1a1084e55418307c6c7
SHA1

cbda5b85a468a00f3f858af0d274ce6c0d54952d
SHA256

f4e392a2ecbedfce9f6eeeefeae67eb556bd34be30c2d16a2686c7bdc946dd64
SHA512

b800ddd3513fd718ae6d277e5cbc1264f0ab4db1a088c113ca3e1b36768287c0ed1067a3476771f20a5c004902b238696452be62d9b7297d1757f7686825b426
SSDEEP

98304:hemTLkNdfE0pZaN56utgpPFotBER/mQ32lUZ:w+156utgpPF8u/7Z

Score

10^/10

xmrig miner

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FD90000-0x00000001400DD000-memory.dmp	xmrig

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2496	2320	ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2496	2320	ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe	30
PID 2320 wrote to memory of 2496	2320	ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee45f419dcd3d1a1084e55418307c6c7_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2320 -s 72
  2⤵
  PID:2496

memory/2320-0-0x000000013FD90000-0x00000001400DD000-memory.dmp

Filesize
3.3MB

Download