Overview

overview

10

Static

static

7

a8038dcfdf...f3.exe

windows7-x64

10

a8038dcfdf...f3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 23:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a8038dcfdf316363b30df71f2bab457b55d2a505d86cdf6a40aaa6b3def81ef3.exe

  • Size

    1.6MB

  • MD5

    c41b3a6c0a3124e3ba8bdf6aa10fb160

  • SHA1

    071ac18519f64600a9a8857cfbffb386f4cc9bad

  • SHA256

    a8038dcfdf316363b30df71f2bab457b55d2a505d86cdf6a40aaa6b3def81ef3

  • SHA512

    f4cf34aa5ed1ec906c0f19d03b2cbd858b1a9f87f99ac9eb0a01db960db30ff77fa9d789751b4771d7e88010d111660bf8e0a7b675d1d4d2e57794af9b379642

  • SSDEEP

    24576:8avo/YFhnivTP0lhLuFEFotb0XUGH0gUu2ZfdOPAklQuYi/XInG:8Eo/Ul0atGYUGHv92ZfY5l3j/f

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 15 IoCs
    miner
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8038dcfdf316363b30df71f2bab457b55d2a505d86cdf6a40aaa6b3def81ef3.exe
    "C:\Users\Admin\AppData\Local\Temp\a8038dcfdf316363b30df71f2bab457b55d2a505d86cdf6a40aaa6b3def81ef3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1804

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1804-0-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-1-0x0000000000070000-0x0000000000090000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1804-3-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1804-2-0x0000000001C60000-0x0000000001C80000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1804-4-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-5-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-7-0x0000000001EA0000-0x0000000001EC0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1804-6-0x0000000001C60000-0x0000000001C80000-memory.dmp

          Filesize

          128KB

          Download

        • memory/1804-8-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-9-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-10-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-11-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-12-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-13-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-14-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-15-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-16-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-17-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-18-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-19-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download

        • memory/1804-20-0x000000013F8B0000-0x000000013FFF1000-memory.dmp

          Filesize

          7.3MB

          Download