Analysis
Max time kernel: 120s
Max time network: 121s
Platform: windows7_x64
Resource: win7-20240903-en
Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted: 25/10/2024, 19:38
Behavioral task: behavioral1
Sample: msedge.exe
Resource: win7-20240903-en
8 signatures, 150 seconds
General
Target: msedge.exe
Size: 7.9MB
MD5: 7755751675620a11db71ec8d830080ae
SHA1: df8abdf744158d94b035b269dc57b6af5a4ec5fb
SHA256: 2883b1ae430003f3eff809f0461e18694ee1e2bc38c98f9eff22a50b5043a770
SHA512: 00007fabcbb98c6ae1ccb64314f7e7a3c5c6d04ea024ea76e2a83da9d9bb3900943f07ba2bfa70b5a3c5903a68575aec23b2d209fe37ce5f412b08dfeedcd02e
SSDEEP: 98304:L8sOUckgBwr4UyuwShsa+XbcDVa2+N/qyRiXM71ZQkcn4CuJ9KWZVxBJNxg/F5My:nYwr/xU3rDXWMc85j4eEsoCSCwG4
Malware Config
Signatures
Xmrig family
XMRig Miner payload (1 IoC)
    resource: behavioral1/memory/1900-1-0x000000013FA80000-0x000000014058B000-memory.dmp
    yara_rule: xmrig
Suspicious behavior: EnumeratesProcesses (11 IoCs)
    pid 2968, taskmgr.exe (11 hits)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid 2968, taskmgr.exe (1 hit)
Suspicious use of AdjustPrivilegeToken (1 IoC)
    Token: SeDebugPrivilege, pid 2968, taskmgr.exe (1 hit)
Suspicious use of FindShellTrayWindow (37 IoCs)
    pid 2968, taskmgr.exe (37 hits)
Suspicious use of SendNotifyMessage (37 IoCs)
    pid 2968, taskmgr.exe (37 hits)

Note that all five "Suspicious ..." signatures are attributed to taskmgr.exe (PID 2968), not to the submitted sample (PID 1900). The only detection tied to the sample itself is the XMRig YARA match on the memory region 0x000000013FA80000-0x000000014058B000 dumped from PID 1900, which is what places this file in the Xmrig family despite its msedge.exe name and %TEMP% location.
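The report's identifiers carry structure worth extracting before pivoting to other tooling: the memory-dump name encodes the PID and address range of the region the YARA rule fired on, the IoC lists are flattened repeats of one pid/image pair, and the four hashes are what you check before trusting that a file on disk is the analysed sample. The following helpers are an added example written for this page, not part of the sandbox's own tooling; they use only the Python standard library. The dump name and hash values are copied from the report above, the IoC line is reconstructed from the EnumeratesProcesses entry, and the bytes fed to the hash check are constructed placeholders.

```python
"""Helpers for reading a sandbox report like the one above (added example)."""
import hashlib
import re
import sys
from collections import Counter

# Dump names in the report follow <pid>-<index>-<base>-<end>-memory.dmp
_DUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<index>\d+)-0x(?P<base>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Hashes exactly as listed in the "General" section of the report
REPORT_HASHES = {
    "md5": "7755751675620a11db71ec8d830080ae",
    "sha1": "df8abdf744158d94b035b269dc57b6af5a4ec5fb",
    "sha256": "2883b1ae430003f3eff809f0461e18694ee1e2bc38c98f9eff22a50b5043a770",
    "sha512": "00007fabcbb98c6ae1ccb64314f7e7a3c5c6d04ea024ea76e2a83da9d9bb3900"
              "943f07ba2bfa70b5a3c5903a68575aec23b2d209fe37ce5f412b08dfeedcd02e",
}

# The YARA hit's resource path, copied from the report
DUMP_NAME = "behavioral1/memory/1900-1-0x000000013FA80000-0x000000014058B000-memory.dmp"

# Reconstruction of the flattened EnumeratesProcesses IoC line (11 repeats)
SIG_LINE = "pid Process " + " ".join(["2968 taskmgr.exe"] * 11) + " -"


def parse_memory_dump_name(name: str) -> dict:
    """Split a dump path into pid, dump index, base/end address and region size."""
    match = _DUMP_RE.match(name.rsplit("/", 1)[-1])
    if not match:
        raise ValueError(f"unrecognised dump name: {name!r}")
    base, end = int(match["base"], 16), int(match["end"], 16)
    if end <= base:
        raise ValueError("end address must lie above base address")
    return {
        "pid": int(match["pid"]),
        "index": int(match["index"]),
        "base": base,
        "end": end,
        "size": end - base,
    }


def tally_iocs(line: str) -> Counter:
    """Collapse a flattened 'pid Process <pid> <image> <pid> <image> ...' line
    into a Counter keyed by (pid, image), so 37 repeats read as one row."""
    tokens = [t for t in line.split() if t != "-"]
    if tokens[:2] == ["pid", "Process"]:
        tokens = tokens[2:]
    if len(tokens) % 2:
        raise ValueError("expected alternating pid/image tokens")
    return Counter((int(pid), image) for pid, image in zip(tokens[0::2], tokens[1::2]))


def compute_hashes(data: bytes) -> dict:
    """Return hex digests for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Map each expected algorithm to True/False. Any False means the bytes in
    hand are not the analysed sample, whatever the filename says."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


if __name__ == "__main__":
    region = parse_memory_dump_name(DUMP_NAME)
    print(f"YARA hit in PID {region['pid']}: 0x{region['base']:X}-0x{region['end']:X} "
          f"({region['size']} bytes)")
    for (pid, image), hits in tally_iocs(SIG_LINE).items():
        print(f"{image} (pid {pid}): {hits} hits")
    # Optionally verify a local copy: python report_helpers.py <path-to-sample>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(verify_hashes(fh.read(), REPORT_HASHES))
```

Run with a file path as the first argument to check a local copy against the report's digests; without one it only decodes the dump name and collapses the IoC line. The region size falls out of the dump name alone: the YARA match covers about 11 MB of mapped memory in PID 1900, larger than the 7.9 MB file on disk, which is the usual signature of a packed payload that has been unpacked in place.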
Processes
C:\Users\Admin\AppData\Local\Temp\msedge.exe (level 1, PID 1900)
    command line: "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
C:\Windows\system32\taskmgr.exe (level 1, PID 2968)
    command line: "C:\Windows\system32\taskmgr.exe" /4
    signatures: Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage