xmrig | bea823864608fc862d6aef3de668910d6c39cdfbb42407fb17353c5cbe820ea3

max time kernel
299s
max time network
252s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/09/2024, 11:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TEST POP/Start-Salvium - Copie (4).bat
Size

102B
MD5

f6c3ca8b6489dd2343401ed0610a47ce
SHA1

1d6342ce8af33a4ba298d7b5e619502a7dbfe195
SHA256

1496fedb69b8dd719ebe2413ad6d59c5277d928bff1a86df265dee9060a007a0
SHA512

089a357fe5cd949df1b997a52e65fccf2ed2d493b40b86f896a1d79c26b94544a66a4aaba12ee3a7511a721c795a9728011d18d334f6663a563ad0bbbba0ee1b

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 5 IoCs

miner

resource	yara_rule
behavioral18/memory/3472-2-0x00007FF641800000-0x00007FF642432000-memory.dmp	xmrig
behavioral18/memory/3472-3-0x00007FF641800000-0x00007FF642432000-memory.dmp	xmrig
behavioral18/memory/3472-6-0x00007FF641800000-0x00007FF642432000-memory.dmp	xmrig
behavioral18/memory/3472-9-0x00007FF641800000-0x00007FF642432000-memory.dmp	xmrig
behavioral18/memory/3472-10-0x00007FF641800000-0x00007FF642432000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3472	xmrig.exe
Token: SeLockMemoryPrivilege	3472	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3472	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 3472	4764	cmd.exe	81
PID 4764 wrote to memory of 3472	4764	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Salvium - Copie (4).bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
  xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3472

Network

DNS

sal.kryptex.network

xmrig.exe

Remote address:

8.8.8.8:53

Request

sal.kryptex.network

IN A

Response

sal.kryptex.network

IN A

5.9.61.230
DNS

8.8.8.8.in-addr.arpa

xmrig.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nexusrules.officeapps.live.com

xmrig.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.229.19
DNS

230.61.9.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.61.9.5.in-addr.arpa

IN PTR

Response

230.61.9.5.in-addr.arpa

IN PTR

static2306195clientsyour-serverde
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response

5.9.61.230:7777

sal.kryptex.network

xmrig.exe

1.4kB
1.9kB
15
14

8.8.8.8:53

sal.kryptex.network

dns

xmrig.exe

207 B
312 B
3
3

DNS Request

sal.kryptex.network

DNS Response

5.9.61.230

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.229.19
8.8.8.8:53

230.61.9.5.in-addr.arpa

dns

141 B
281 B
2
2

DNS Request

230.61.9.5.in-addr.arpa

DNS Request

19.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3472-0-0x00000283C80F0000-0x00000283C8110000-memory.dmp

Filesize
128KB

Download
memory/3472-1-0x00000283C8140000-0x00000283C8160000-memory.dmp

Filesize
128KB

Download
memory/3472-2-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-3-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-4-0x000002845BF70000-0x000002845BF90000-memory.dmp

Filesize
128KB

Download
memory/3472-5-0x000002845BF90000-0x000002845BFB0000-memory.dmp

Filesize
128KB

Download
memory/3472-6-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-8-0x000002845BF90000-0x000002845BFB0000-memory.dmp

Filesize
128KB

Download
memory/3472-7-0x000002845BF70000-0x000002845BF90000-memory.dmp

Filesize
128KB

Download
memory/3472-9-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-10-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-11-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-12-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-13-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-14-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-15-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-16-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-17-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-18-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-19-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-20-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-21-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-22-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-23-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-24-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-25-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-26-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-27-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-28-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-29-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-30-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-31-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-32-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-33-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download
memory/3472-34-0x00007FF641800000-0x00007FF642432000-memory.dmp

Filesize
12.2MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.