Extracted

• • Target

    0x0006000000016d4e-54.dat

  • Size

    10KB

  • MD5

    96509ab828867d81c1693b614b22f41d

  • SHA1

    c5f82005dbda43cedd86708cc5fc3635a781a67e

  • SHA256

    a9de2927b0ec45cf900508fec18531c04ee9fa8a5dfe2fc82c67d9458cf4b744

  • SHA512

    ff603117a06da8fb2386c1d2049a5896774e41f34d05951ecd4e7b5fc9da51a373e3fcf61af3577ff78490cf898471ce8e71eae848a12812fe98cd7e76e1a9ca

  • SSDEEP

    96:vdHiIV5H6c10lqo9ZYAoQdVDCcJ+587tG6AuJxGE9btz2qhRC7tCEOhd1Q:vdHiQ5HV1wr9KA/J+izJxTZtzthyOhd

  Score

  10^/10

  xmrigdiscoveryexecutionminer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Xmrig family

    xmrig

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2