xmrig | 174e46e72c29bc67906588fb3860fa28b368494a9dcae09850c31425fa507d59

Analysis

max time kernel
140s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Start-Salvium.bat
Size

191B
MD5

83cdb39870b444d5cc499b9318567711
SHA1

c87327c471326341ac1ee095d824bf35e97e7b7a
SHA256

576761fbd2203cb3373f04dcd8b58c6730ffb4eb0bbe085a67e8fcdb48da0c1b
SHA512

57a646647cdf54c98311b418f7cab9495de714786b6f4f43732d9ffd8f9e7771850c73ce93cb061e32ae53dcb14ec0574fd30c7f08122d2f765c28a14bc88dbf

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral4/memory/2640-2-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-5-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-8-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-9-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-10-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-11-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-12-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-13-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-14-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-15-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-16-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-17-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-18-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig
behavioral4/memory/2640-19-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2640	xmrig.exe
Token: SeLockMemoryPrivilege	2640	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2640	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 2640	1124	cmd.exe	86
PID 1124 wrote to memory of 2640	1124	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Start-Salvium.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Local\Temp\xmrig.exe
  xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user SaLvsCNbjABPoCfjoVjytHf5Jqfd28NTD9kmkYUfSG7D2uzksP1TbNeDZB7ibriXB7D5M3YxfNZ7ER9amRZw25hQBR8kgDrhLRf/MyFirstRig -p x -k
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2640-0-0x000001CE76CE0000-0x000001CE76D00000-memory.dmp

Filesize
128KB

Download
memory/2640-1-0x000001CF0A630000-0x000001CF0A650000-memory.dmp

Filesize
128KB

Download
memory/2640-2-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-4-0x000001CF0ACA0000-0x000001CF0ACC0000-memory.dmp

Filesize
128KB

Download
memory/2640-3-0x000001CF0AC80000-0x000001CF0ACA0000-memory.dmp

Filesize
128KB

Download
memory/2640-5-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-7-0x000001CF0ACA0000-0x000001CF0ACC0000-memory.dmp

Filesize
128KB

Download
memory/2640-6-0x000001CF0AC80000-0x000001CF0ACA0000-memory.dmp

Filesize
128KB

Download
memory/2640-8-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-9-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-10-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-11-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-12-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-13-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-14-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-15-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-16-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-17-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-18-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download
memory/2640-19-0x00007FF70BA60000-0x00007FF70C692000-memory.dmp

Filesize
12.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads