xmrig | 3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337

Analysis

max time kernel
119s
max time network
116s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 09:13

Target

3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337.exe
Size

1.4MB
MD5

1d7dcf5e1066652d8bacbd0b288e3bcf
SHA1

e01aec6dc012f98535ba836f7fc00be371655010
SHA256

3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337
SHA512

38cf7415bfbcd15764aca9093a00c27dfd8febd734ce4257bc0265756417fc7efa8160ea7c62ae83c7e8ff3f40114e5fc444bebe662481245f9ce1ddebd7f87d
SSDEEP

24576:RVIl/WDGCi7/qkat6zqxG2Z9mIhQvq8wd7NjVb65GsL9QsdkutxbVUDk+3HuezME:ROdWCCi7/raWMmSdbbUGsVOutxGFbx

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral1/memory/3008-2-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-3-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-4-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-5-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-6-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-7-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-8-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-9-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-10-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-11-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-12-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig
behavioral1/memory/3008-13-0x000000013FB40000-0x000000013FE91000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3008-0-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-2-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-3-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-4-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-5-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-6-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-7-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-8-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-9-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-10-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-11-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-12-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx
behavioral1/memory/3008-13-0x000000013FB40000-0x000000013FE91000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3008	3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337.exe
Token: SeLockMemoryPrivilege	3008	3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337.exe

C:\Users\Admin\AppData\Local\Temp\3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337.exe
"C:\Users\Admin\AppData\Local\Temp\3d1f68d2afe943346b6eda3a0201b4d507b6921d6ded9c1e828211de248ab337.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3008

memory/3008-0-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/3008-2-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-5-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-6-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-7-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-8-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-9-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-10-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-11-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-12-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download
memory/3008-13-0x000000013FB40000-0x000000013FE91000-memory.dmp

Filesize
3.3MB

Download