Overview

overview

10

Static

static

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...el.bat

windows10-1703-x64

10

xmrig-6.22...el.bat

windows10-2004-x64

10

xmrig-6.22...64.sys

windows10-1703-x64

1

xmrig-6.22...64.sys

windows10-2004-x64

1

xmrig-6.22...ig.exe

windows10-1703-x64

10

xmrig-6.22...ig.exe

windows10-2004-x64

10

Resubmissions

08/10/2024, 16:33 UTC

241008-t2j4cayekf 10

08/10/2024, 16:30 UTC

241008-tz73dsvfjp 10

09/09/2024, 22:51 UTC

240909-2szfnsvanm 10

09/09/2024, 22:50 UTC

240909-2r8b7aweqa 10

09/09/2024, 22:49 UTC

240909-2rwcmawenf 10

07/09/2024, 23:03 UTC

240907-21nddazfrr 10

07/09/2024, 23:02 UTC

240907-2z4nzasfrb 10

07/09/2024, 23:00 UTC

240907-2zae5azfmk 10

07/09/2024, 22:59 UTC

240907-2yc5masfke 10

Analysis

  • max time kernel
    1774s
  • max time network
    1152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2024, 16:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xmrig-6.22.0-gcc-win64 plus/WinRing0x64.sys

  • Size

    14KB

  • MD5

    0c0195c48b6b8582fa6f6373032118da

  • SHA1

    d25340ae8e92a6d29f599fef426a2bc1b5217299

  • SHA256

    11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

  • SHA512

    ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

  • SSDEEP

    192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.0-gcc-win64 plus\WinRing0x64.sys"
    1⤵
      PID:1800
      • C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.0-gcc-win64 plus\WinRing0x64.sys
        "C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.0-gcc-win64 plus\WinRing0x64.sys"
        2⤵
          PID:3900

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.ax-0001.ax-msedge.net
        g-bing-com.ax-0001.ax-msedge.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0CF24BB6F1BD66952A3A5EA4F08C6765; domain=.bing.com; expires=Sun, 02-Nov-2025 16:31:27 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7EEADDD0BCF74672812690AAF35EC9FA Ref B: LON601060101060 Ref C: 2024-10-08T16:31:27Z
        date: Tue, 08 Oct 2024 16:31:26 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0CF24BB6F1BD66952A3A5EA4F08C6765
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=y3PfTxuI1Sff2WR1jkqti26y-X1myMxuILjsRK8K5IE; domain=.bing.com; expires=Sun, 02-Nov-2025 16:31:27 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 8708D3E7E9A74708941899002839DBBB Ref B: LON601060101060 Ref C: 2024-10-08T16:31:27Z
        date: Tue, 08 Oct 2024 16:31:26 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=
        Remote address:
        150.171.28.10:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0CF24BB6F1BD66952A3A5EA4F08C6765; MSPTC=y3PfTxuI1Sff2WR1jkqti26y-X1myMxuILjsRK8K5IE
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: BEB1919260054A878118808FB6A629CF Ref B: LON601060101060 Ref C: 2024-10-08T16:31:27Z
        date: Tue, 08 Oct 2024 16:31:26 GMT
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        2.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        10.28.171.150.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        10.28.171.150.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        200.163.202.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.163.202.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.42.69.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.42.69.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0lgwllnwnet
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        8.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.173.189.20.in-addr.arpa
        IN PTR
        Response
      • 150.171.28.10:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=
        tls, http2
        2.0kB
         9.4kB
         22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70f7878865d54bfebdc1fd957d1e5b4a&localId=w:54ECD007-E294-A159-E37D-CA55023ED6B0&deviceId=6966572651497155&anid=

        HTTP Response

        204
      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         148 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        2.159.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        2.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        10.28.171.150.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        10.28.171.150.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        200.163.202.172.in-addr.arpa
        dns
        74 B
         160 B
         1
        1

        DNS Request

        200.163.202.172.in-addr.arpa

      • 8.8.8.8:53
        241.42.69.40.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        241.42.69.40.in-addr.arpa

      • 8.8.8.8:53
        0.205.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.205.248.87.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        43.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        43.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        8.173.189.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        8.173.189.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3900-0-0x0000000000010000-0x0000000000017000-memory.dmp

        Filesize

        28KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.