General
Target: f7a640e35780cea6a3c09a0c60f778de7f7fa72cccd77a163a35ca785ba27abbN
Size: 5.6MB
Sample: 241109-rjnbyavmg1
MD5: 932109d9a6f3b2bd2afd0f0ec16f7070
SHA1: 41961cd9722b15c21b139f2300314e796f9ef400
SHA256: f7a640e35780cea6a3c09a0c60f778de7f7fa72cccd77a163a35ca785ba27abb
SHA512: 3bca7f2eca30e9d1899fa96d29ffef3d0ea48b0986a04822f58651814a2046fab77c876291ddd5a1dc2b15aa2a5919274e6c50165ff105be08c1965a06391cc8
SSDEEP: 98304:KggSZTFznDHwE8oohoIgNgx+r3P4jw4fn9E32RW0O2gT/gQGhP3oFL6p4kvDZ/Hn:DgSZJznDHMo+JgNgx+r3P+e32BO2gjgj
Static task: static1
Behavioral task: behavioral1
Sample: f7a640e35780cea6a3c09a0c60f778de7f7fa72cccd77a163a35ca785ba27abbN.exe
Resource: win7-20241010-en
Malware Config

Targets
Target: f7a640e35780cea6a3c09a0c60f778de7f7fa72cccd77a163a35ca785ba27abbN
Size: 5.6MB
MD5: 932109d9a6f3b2bd2afd0f0ec16f7070
SHA1: 41961cd9722b15c21b139f2300314e796f9ef400
SHA256: f7a640e35780cea6a3c09a0c60f778de7f7fa72cccd77a163a35ca785ba27abb
SHA512: 3bca7f2eca30e9d1899fa96d29ffef3d0ea48b0986a04822f58651814a2046fab77c876291ddd5a1dc2b15aa2a5919274e6c50165ff105be08c1965a06391cc8
SSDEEP: 98304:KggSZTFznDHwE8oohoIgNgx+r3P4jw4fn9E32RW0O2gT/gQGhP3oFL6p4kvDZ/Hn:DgSZJznDHMo+JgNgx+r3P+e32BO2gjgj
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so the dropped miner is not scanned.
- Creates new service(s)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls every configurable power setting on a Windows system and can be abused to stop an infected host from sleeping, locking or shutting down, which keeps the miner running.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a call typically seen when a process is hollowed or injected with a payload)
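The two described behaviours above, PowerShell-driven Defender exclusions and powercfg tampering, leave host-side traces that a responder can check. The following PowerShell triage script is an added example and is not part of the sandbox report or the sample; it relies on the real Get-MpPreference cmdlet, the Defender operational log event 5007 and PowerShell script block event 4104, while the regexes over powercfg output assume the English text format (an assumption, adjust for other locales). Run it in an elevated shell on the suspect host, not in the analysis VM.

```powershell
# Added triage script (not from the report): hunts for the persistence and evasion
# behaviours the sandbox flagged. Requires the Defender module and an elevated shell.

function Get-DefenderExclusionReport {
    # Exclusions added with Add-MpPreference survive reboots; an unexpected path such as
    # a user profile, ProgramData or a System32 subfolder is the indicator.
    $pref = Get-MpPreference
    [pscustomobject]@{
        Paths      = @($pref.ExclusionPath)
        Extensions = @($pref.ExclusionExtension)
        Processes  = @($pref.ExclusionProcess)
    }
}

function Get-DefenderExclusionChanges {
    param([int]$Days = 7)
    # Event 5007 in the Defender operational log records each configuration change,
    # including additions under HKLM\...\Windows Defender\Exclusions, with old/new value.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message
}

function Get-PowerShellExclusionCommands {
    param([int]$Days = 7)
    # Script Block Logging (event 4104) captures the Add-MpPreference call itself when
    # it is enabled; without it only the 5007 configuration event remains.
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '(Add|Set)-MpPreference.*Exclusion' } |
        Select-Object TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }
}

function Get-PowerTamperIndicators {
    # Parses "powercfg /query" for the current scheme's sleep subgroup. A zero AC/DC
    # index on "Sleep after" or "Hibernate after" means "never", the value an attacker
    # sets (e.g. powercfg /x -standby-timeout-ac 0) so the host keeps mining.
    # Assumption: English powercfg output; the regexes need adjusting for other locales.
    $text = powercfg /query SCHEME_CURRENT SUB_SLEEP 2>$null
    $findings = @()
    $current = $null
    foreach ($line in $text) {
        if ($line -match 'Power Setting GUID:\s+\S+\s+\((.+)\)') {
            $current = $matches[1]
        }
        elseif ($line -match 'Current (AC|DC) Power Setting Index:\s+0x([0-9a-fA-F]+)') {
            $value = [Convert]::ToInt32($matches[2], 16)
            if ($value -eq 0 -and $current -match 'Sleep after|Hibernate after') {
                $findings += "$current ($($matches[1])) is set to never"
            }
        }
    }
    # "powercfg /h off" makes "powercfg /a" report hibernation as not enabled
    # (assumed English wording).
    $states = powercfg /a 2>$null
    if ($states -match 'Hibernation has not been enabled') {
        $findings += 'Hibernation disabled (powercfg /h off)'
    }
    $findings
}

function Get-SuspiciousServices {
    # The report also notes new services and an EXE dropped into System32; a service
    # whose image lives under a user-writable directory deserves a second look.
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match '\\Users\\|\\ProgramData\\|\\Temp\\|\\AppData\\' } |
        Select-Object Name, State, StartMode, PathName
}

# Usage: collect everything into one object for the case notes.
[pscustomobject]@{
    Exclusions        = Get-DefenderExclusionReport
    ExclusionEvents   = Get-DefenderExclusionChanges
    ExclusionCommands = Get-PowerShellExclusionCommands
    PowerTampering    = Get-PowerTamperIndicators
    OddServices       = Get-SuspiciousServices
} | Format-List
```

A "Sleep after: never" finding is normal on servers and on many desktops, so treat the powercfg output as corroboration next to a fresh exclusion or a dropped service rather than as an indicator on its own; the 5007 event with a Paths or Processes exclusion whose value points at the miner's drop location is the strongest host artefact of the behaviour described above.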