Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/10/2024, 19:38

General

  • Target

    msedge.exe

  • Size

    7.9MB

  • MD5

    7755751675620a11db71ec8d830080ae

  • SHA1

    df8abdf744158d94b035b269dc57b6af5a4ec5fb

  • SHA256

    2883b1ae430003f3eff809f0461e18694ee1e2bc38c98f9eff22a50b5043a770

  • SHA512

    00007fabcbb98c6ae1ccb64314f7e7a3c5c6d04ea024ea76e2a83da9d9bb3900943f07ba2bfa70b5a3c5903a68575aec23b2d209fe37ce5f412b08dfeedcd02e

  • SSDEEP

    98304:L8sOUckgBwr4UyuwShsa+XbcDVa2+N/qyRiXM71ZQkcn4CuJ9KWZVxBJNxg/F5My:nYwr/xU3rDXWMc85j4eEsoCSCwG4

Score
10/10

Malware Config

Signatures

  • Xmrig family
  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • XMRig Miner payload 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\msedge.exe
    "C:\Users\Admin\AppData\Local\Temp\msedge.exe"
    PID:1900
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2968

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1900-0-0x0000000000080000-0x00000000000A0000-memory.dmp
            Filesize: 128KB
          • memory/1900-1-0x000000013FA80000-0x000000014058B000-memory.dmp
            Filesize: 11.0MB
          • memory/2968-2-0x0000000140000000-0x00000001405E8000-memory.dmp
            Filesize: 5.9MB
          • memory/2968-3-0x0000000140000000-0x00000001405E8000-memory.dmp
            Filesize: 5.9MB