General
- Target: a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7
- Size: 5.8MB
- Sample: 241027-sev2nawnfm
- MD5: 190e68a764f232fa236a23317f80892b
- SHA1: a37b9e226334bc69abaacb539fb7ba9722831a76
- SHA256: a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7
- SHA512: 34c5d7d35a639a2c6ea183ad808a10bc0adaebf806975f6949da119c1d90c50f065b3d238a0bd6b7159394fe39a0322590fe229cae73f7c9cc393e721449c0a2
- SSDEEP: 98304:ICAKtK2disEKWIAN9rDUQ60m+E+3syUSIkJEhxfAF8p4ucmEyVHNJdNOD5A:I7ObErIYeQ3nEIsyU2Y48CeHxNV
Static task: static1
Behavioral task: behavioral1
- Sample: a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: a074f13421954fe7e4a87b68d23179df440cc15b0aa3019752fdbece9379d9e7
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext