Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 27/10/2024, 10:44
Static task
static1
Behavioral tasks
behavioral1  Sample: WinS/WinRing0x64.sys  Resource: win7-20240708-en
behavioral2  Sample: WinS/WinRing0x64.sys  Resource: win10v2004-20241007-en
behavioral3  Sample: WinS/wd.bat  Resource: win7-20241010-en
behavioral4  Sample: WinS/wd.bat  Resource: win10v2004-20241007-en
behavioral5  Sample: WinS/wmpnetwk.exe  Resource: win7-20240903-en
behavioral6  Sample: WinS/wmpnetwk.exe  Resource: win10v2004-20241007-en
behavioral7  Sample: WinS/xcopy.exe  Resource: win7-20241010-en
General
Target: WinS/xcopy.exe
Size: 4.1MB
MD5: 8b2bee1b859c3a85195f639a6365609f
SHA1: 415ee3c194ca9243bee87cb2c4e95de5e9ac9758
SHA256: 5a496193f23e27ee2b8609cdfec370ab7aeed05983ca851ef8502196ee0e1c18
SHA512: b9df2cb6ffe1a6288fc6969ecb0db5bd70805f57b7c4e699ff3a60f106ef61beaaff4848eae623d03b3c255fc9dcc9804e09001ced050816e5303c21a641ea79
SSDEEP: 98304:EOr3T+fANpnZpbmysbqxoCRS7BKtztkpOhJ64F7bN2N9a6nX:EODyYNpPrsbqxoCUVK9tkpOjbRbUa6nX
Malware Config
Signatures
Xmrig family
XMRig Miner payload (1 IoC)
resource: behavioral7/memory/2288-3-0x000000013F080000-0x000000013FEB3000-memory.dmp  yara_rule: xmrig
The YARA hit is on a runtime memory dump of the xcopy.exe process (PID 2288, behavioral7) rather than on the file as submitted, so the miner is unpacked or decrypted in memory; a disk-only scan of the 4.1MB binary may not match the same rule. The submitted bundle also contains WinRing0x64.sys, the signed kernel driver XMRig ships with for MSR access, which is consistent with the family verdict.
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments. On an unpatched virtual machine the REG_MULTI_SZ values below typically carry a hypervisor identifier (for example VBOX on VirtualBox), and a miner that finds one can stay dormant and produce a clean behavioural report, so a sandbox with stock BIOS strings may under-report this sample.
description: Key value queried  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion  process: xcopy.exe
description: Key value queried  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion  process: xcopy.exe
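To see what this sample would have found, the following is an added example (not the sandbox's or the malware's own code) that reads the same two registry values and flags hypervisor markers in them. The marker list and the constructed sample values are assumptions for illustration, not data taken from this run; the live read only works on Windows and is skipped elsewhere.

```python
"""Reproduce the registry check from the report: read SystemBiosVersion and
VideoBiosVersion under HKLM\\HARDWARE\\DESCRIPTION\\System and look for
hypervisor identifiers. Added example, not the report's own tooling."""
import platform
import re
from typing import Dict, Iterable, List, Optional

REG_PATH = r"HARDWARE\DESCRIPTION\System"
VALUE_NAMES = ("SystemBiosVersion", "VideoBiosVersion")

# Illustrative marker table (assumption, not from the report): substrings that
# commonly appear in these BIOS strings on stock virtual machines.
VM_MARKERS = {
    "VBOX": "VirtualBox",
    "VIRTUALBOX": "VirtualBox",
    "VMWARE": "VMware",
    "QEMU": "QEMU",
    "BOCHS": "QEMU/Bochs",
    "SEABIOS": "QEMU/SeaBIOS",
    "HYPER-V": "Hyper-V",
    "VRTUAL": "Hyper-V",
    "PARALLELS": "Parallels",
}


def classify(values: Dict[str, Iterable[str]]) -> List[str]:
    """Return one finding per (value name, marker) pair present in the data.

    Markers are matched as whole words, case-insensitively, so a vendor string
    that merely contains the letters of a marker (e.g. VBOX inside VIRTUALBOX)
    is not double-counted.
    """
    findings = []
    for name, strings in values.items():
        joined = " ".join(strings)
        for marker, product in VM_MARKERS.items():
            if re.search(r"\b" + re.escape(marker) + r"\b", joined, re.IGNORECASE):
                findings.append(f"{name}: {product} ({marker})")
    return findings


def read_bios_values() -> Optional[Dict[str, List[str]]]:
    """Read the two REG_MULTI_SZ values from the live registry.

    Returns None on non-Windows hosts so the module stays importable anywhere.
    """
    if platform.system() != "Windows":
        return None
    import winreg  # Windows-only standard-library module

    out: Dict[str, List[str]] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_PATH) as key:
        for name in VALUE_NAMES:
            data, _kind = winreg.QueryValueEx(key, name)
            # REG_MULTI_SZ comes back as a list; normalise other types to one string
            out[name] = list(data) if isinstance(data, list) else [str(data)]
    return out


# Constructed sample values (assumptions for illustration, not captured from
# the sandbox in this report).
SAMPLE_VIRTUALBOX = {
    "SystemBiosVersion": ["VBOX   - 1"],
    "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"],
}
SAMPLE_BAREMETAL = {
    "SystemBiosVersion": ["LENOVO - 1230", "N2HET42W (1.25 )"],
    "VideoBiosVersion": [],
}


if __name__ == "__main__":
    live = read_bios_values()
    if live is None:
        print("not on Windows; evaluating constructed samples only")
    else:
        print("live host:", classify(live) or "no hypervisor markers")
    print("VirtualBox sample:", classify(SAMPLE_VIRTUALBOX))
    print("bare-metal sample:", classify(SAMPLE_BAREMETAL))
```

Running this inside a sandbox VM tells you whether the BIOS strings an evasive sample sees are the stock ones; if they are, patching them (or seeding the VM with bare-metal-looking values) is what makes a run like behavioral7 produce the real miner behaviour instead of a dormant process.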