Overview

Static analysis score: 10

Samples in submission (score / file / platform):
  10  PUB2/xmrig.exe        windows10-ltsc 2021-x64
   1  PUB2/zephy...0).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...1).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...2).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...2).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...3).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...4).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...5).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...6).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...7).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...8).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...9).bat   windows10-ltsc 2021-x64
   1  PUB2/zephy...ie.bat   windows10-ltsc 2021-x64
   1  PUB2/zephyr.bat       windows10-ltsc 2021-x64
Resubmissions (submitted / analysis id / score):
  27/10/2024, 15:04  241027-sf193awngn  10
  26/10/2024, 18:30  241026-w5nxtavncj  10
  26/10/2024, 08:56  241026-kwfpassemh  10
  26/10/2024, 03:43  241026-d92qcs1ajk  10
  26/10/2024, 03:31  241026-d3dpysygqe  10
  26/10/2024, 03:25  241026-dylj1aygme  10

Analysis
  max time kernel:   1343s
  max time network:  1775s
  platform:          windows10-ltsc 2021_x64
  resource:          win10ltsc2021-20241023-en
  resource tags:     arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  submitted:         27/10/2024, 15:04
Behavioral tasks (task / sample / resource):
  behavioral1   PUB2/xmrig.exe                 win10ltsc2021-20241023-en
  behavioral2   PUB2/zephyr - Copie (10).bat   win10ltsc2021-20241023-en
  behavioral3   PUB2/zephyr - Copie (11).bat   win10ltsc2021-20241023-en
  behavioral4   PUB2/zephyr - Copie (12).bat   win10ltsc2021-20241023-en
  behavioral5   PUB2/zephyr - Copie (2).bat    win10ltsc2021-20241023-en
  behavioral6   PUB2/zephyr - Copie (3).bat    win10ltsc2021-20241023-en
  behavioral7   PUB2/zephyr - Copie (4).bat    win10ltsc2021-20241023-en
  behavioral8   PUB2/zephyr - Copie (5).bat    win10ltsc2021-20241023-en
  behavioral9   PUB2/zephyr - Copie (6).bat    win10ltsc2021-20241023-en
  behavioral10  PUB2/zephyr - Copie (7).bat    win10ltsc2021-20241023-en
  behavioral11  PUB2/zephyr - Copie (8).bat    win10ltsc2021-20241023-en
  behavioral12  PUB2/zephyr - Copie (9).bat    win10ltsc2021-20241023-en
  behavioral13  PUB2/zephyr - Copie.bat        win10ltsc2021-20241023-en
  behavioral14  PUB2/zephyr.bat                win10ltsc2021-20241023-en
General
  Target:  PUB2/zephyr - Copie (11).bat
  Size:    168B
  MD5:     ba22652cd85191f4cc7e21db61e2bd71
  SHA1:    aece18a53876615b26eea19ad30409a447a5a8f6
  SHA256:  4d4148fe8ab2368aaa811877b31d759d09b07df189587fed822d1011aca79a88
  SHA512:  df0cef76781eef6be0ada6fc8ca56de463d11c8b068ff0af2465dc97e05d910e5b9f10ecd95e9c0fd005ff8236cf52d2ea8f9de899dc7defceb3057c08a900a8

Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                      pid   process
  Token: SeLockMemoryPrivilege     1028  xmrig.exe
  Token: SeLockMemoryPrivilege     1028  xmrig.exe

Suspicious use of FindShellTrayWindow (1 IoC)
  pid   process
  1028  xmrig.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                          pid   process   procid_target
  PID 3192 wrote to memory of 1028     3192  cmd.exe   81
  PID 3192 wrote to memory of 1028     3192  cmd.exe   81
Processes

1. C:\Windows\system32\cmd.exe  (PID 3192)
   Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PUB2\zephyr - Copie (11).bat"
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\PUB2\xmrig.exe  (PID 1028, child of 3192)
      Command line: xmrig.exe -o us-zephyr.miningocean.org:5342 -u ZEPHYR2c1KpUmMcFb1DgEejg8bgrit4x9L8TUEk2e7B7gbtwtHDVyKCUZEzu4zQMnGjgZjJZES6wnefC6FgLJeyL6Ahz2SsWsoK1Y -p scall -a rx/0 -k
      Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow