xmrig | 62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69

Analysis

max time kernel
110s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/11/2024, 04:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe
Size

1.5MB
MD5

1859bb4d87dcfb644c62bb63a4c61f81
SHA1

9937e90107034fc6e78e6627fa9824e8828c8e65
SHA256

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69
SHA512

e8d8acee6e062a06d3bb174fb5ecb7871b69c8078f177194008a7914cf73e6e8d9ca50c63d607cc30a6e105ffe09cde0bcadf9564f964233f81411131e4ff163
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlGC78XIHbAYhbc8lFad+tsytA7WEXLsh:knw9oUUEEDlGUJ8Y9c87MQosh

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral2/memory/2936-2-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-3-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-4-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-5-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-6-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-7-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-8-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-9-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-10-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-11-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-12-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig
behavioral2/memory/2936-13-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2936-0-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-2-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-3-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-4-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-5-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-6-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-7-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-8-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-9-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-10-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-11-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-12-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx
behavioral2/memory/2936-13-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2936	62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe
Token: SeLockMemoryPrivilege	2936	62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

C:\Users\Admin\AppData\Local\Temp\62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe
"C:\Users\Admin\AppData\Local\Temp\62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2936

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

92.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.12.20.2.in-addr.arpa

IN PTR

Response

92.12.20.2.in-addr.arpa

IN PTR

a2-20-12-92deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

3.120.209.58:8080

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

260 B
5
3.120.209.58:8080

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

260 B
5
3.120.209.58:8080

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

260 B
5
3.120.209.58:8080

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

260 B
5
3.120.209.58:8080

62d04043314444de12f5098570162ed15720b424af41ffcfb02bd0bb44cefa69.exe

208 B
4

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

92.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

92.12.20.2.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2936-0-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-1-0x0000018072030000-0x0000018072040000-memory.dmp

Filesize
64KB

Download
memory/2936-2-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-3-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-4-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-5-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-6-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-7-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-8-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-9-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-10-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-11-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-12-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download
memory/2936-13-0x00007FF7BDA40000-0x00007FF7BDE31000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.