Analysis

max time kernel: 140s
max time network: 16s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 17-11-2024 15:32

Behavioral task: behavioral1
Sample: 2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe
Resource: win7-20240729-en (windows7-x64)
Signatures: 5
Duration: 150 seconds
General

Target: 2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe
Size: 10.5MB
MD5: bd19049d6afc07a4c83ebd60caffaf24
SHA1: 3b11be78905848f0cb38c74ff57e991e8d07dc1e
SHA256: 9fec9cee465c4efa097e3add3d501a0aa2eeef86d7307b374b878adc697c3991
SHA512: 84315d2c02b6c1b45a2a0e2e927cb19f8fcafed438a7fedf9427c734d668580997ca680b79d70b91dbb3e851827ef03ab3d1d56ac5d6cc358675bbcf12877aaa
SSDEEP: 196608:7sgJIQolcPYjqkW56sjj29Q6Se8ELZtsbdy:7ml8LC9DJ1Xsg
Malware Config
Signatures

Xmrig family

XMRig Miner payload (14 IoCs)

  resource                                                                    yara rule
  behavioral1/memory/588-3-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-4-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-5-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-6-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-7-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-8-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-9-0x000000013F3E0000-0x000000013FF28000-memory.dmp    xmrig
  behavioral1/memory/588-11-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-12-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-13-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-14-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-15-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-16-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig
  behavioral1/memory/588-17-0x000000013F3E0000-0x000000013FF28000-memory.dmp   xmrig

  All 14 hits are the same region of the sample's own process (pid 588): 0x13F3E0000-0x13FF28000, 0xB48000 bytes (about 11.3 MB), matched in dumps #3 to #17 (no entry for #10). A contiguous range of that size at a 0x13F... base in the sample's own process is consistent with the yara rule matching the 10.5 MB executable's mapped image itself, not code injected into another process.

Suspicious use of AdjustPrivilegeToken (2 IoCs)

  description                    pid   Process
  Token: SeLockMemoryPrivilege   588   2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe
  Token: SeLockMemoryPrivilege   588   2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe

  SeLockMemoryPrivilege ("Lock pages in memory") is the privilege a process needs to allocate large pages with VirtualAlloc(MEM_LARGE_PAGES). XMRig tries to enable it at start-up because RandomX mining is noticeably faster with huge pages, so this token request is a well-known XMRig tell. The privilege by itself is not malicious (database engines request it for the same reason); the signal here is the combination with the xmrig yara hits on the same pid.

Suspicious use of FindShellTrayWindow (1 IoC)

  pid   Process
  588   2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe

  This is a low-confidence heuristic on its own; it is recorded here because it fires from the same process as the miner indicators above.
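The signature section repeats one memory region 14 times and one privilege twice, which is how these reports come out of extraction but not how an analyst wants to read them. The following Python script is an added example and is not part of the sandbox report or of the tooling that produced it: it takes the IoC lines above as its constructed input (copied verbatim), collapses repeated dumps of the same region into one entry with the mapped size, and deduplicates the AdjustPrivilegeToken entries per pid. The regexes and the helper names (parse_iocs, collapse_regions, privileges_by_pid, summarize) are this example's own.

```python
import re
from collections import defaultdict

# Constructed input: the IoC lines copied from the signature section of the report
# above, one per line (14 memory-dump hits, 2 AdjustPrivilegeToken hits).
REPORT_IOCS = """
behavioral1/memory/588-3-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-4-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-5-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-6-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-7-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-8-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-9-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-11-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-12-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-13-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-14-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-15-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-16-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
behavioral1/memory/588-17-0x000000013F3E0000-0x000000013FF28000-memory.dmp xmrig
Token: SeLockMemoryPrivilege 588 2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe
Token: SeLockMemoryPrivilege 588 2024-11-17_bd19049d6afc07a4c83ebd60caffaf24_polyvice.exe
"""

# Line formats as printed in the report (regexes are this example's own):
#   <task>/memory/<pid>-<dump#>-0x<start>-0x<end>-memory.dmp <yara rule>
#   Token: <privilege> <pid> <process image>
MEM_DUMP = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
TOKEN = re.compile(r"^Token:\s+(?P<priv>Se\w+Privilege)\s+(?P<pid>\d+)\s+(?P<image>\S+)$")


def parse_iocs(text):
    """Split the flattened IoC text into memory-dump hits and privilege-token hits."""
    memory_hits, token_hits = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = MEM_DUMP.match(line)
        if m:
            memory_hits.append({
                "pid": int(m["pid"]), "idx": int(m["idx"]),
                "start": int(m["start"], 16), "end": int(m["end"], 16),
                "rule": m["rule"],
            })
            continue
        t = TOKEN.match(line)
        if t:
            token_hits.append({"pid": int(t["pid"]), "priv": t["priv"], "image": t["image"]})
    return memory_hits, token_hits


def collapse_regions(memory_hits):
    """Merge repeated dumps of one (pid, start, end, rule) into a single region.

    Each region keeps the sorted dump indices and the mapped size in bytes, so a
    run of identical-looking IoCs becomes one line of triage output.
    """
    regions = defaultdict(list)
    for h in memory_hits:
        regions[(h["pid"], h["start"], h["end"], h["rule"])].append(h["idx"])
    return [
        {"pid": pid, "start": start, "end": end, "size": end - start,
         "rule": rule, "dumps": sorted(idxs)}
        for (pid, start, end, rule), idxs in regions.items()
    ]


def privileges_by_pid(token_hits):
    """Deduplicate repeated AdjustPrivilegeToken IoCs into {pid: [privileges]}."""
    privs = defaultdict(set)
    for t in token_hits:
        privs[t["pid"]].add(t["priv"])
    return {pid: sorted(p) for pid, p in privs.items()}


def summarize(text=REPORT_IOCS):
    """Return one triage line per matched region plus the privileges that pid requested."""
    memory_hits, token_hits = parse_iocs(text)
    privs = privileges_by_pid(token_hits)
    lines = []
    for r in collapse_regions(memory_hits):
        lines.append(
            f"pid {r['pid']}: yara '{r['rule']}' in 0x{r['start']:X}-0x{r['end']:X} "
            f"({r['size']:#x} bytes, {r['size'] / 2**20:.1f} MiB) across "
            f"{len(r['dumps'])} dumps, #{r['dumps'][0]}..#{r['dumps'][-1]}"
        )
        lines.extend(f"pid {r['pid']}: requested {p}" for p in privs.get(r["pid"], []))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize()))
```

Run as-is it reduces the 16 IoC lines to two: one region of 0xB48000 bytes in pid 588 matched by the xmrig rule across 14 dumps, and one SeLockMemoryPrivilege request by that pid. The same parser works on any report in this layout; a sample that injected into another process would show up as a second region under a different pid, which is the distinction the collapsed view makes visible.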