Analysis

max time kernel: 140s
max time network: 129s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19-11-2024 14:30

Behavioral task: behavioral1
Sample: 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Resource: win7-20240903-en
Signatures: 5
Run time: 150 seconds
General

Target: 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Size: 10.5MB
MD5: c4635caed8eb97d0931183ccd3abb25e
SHA1: 2916d4b55d3f40cc86d058aea3f7fe75c3c8a089
SHA256: 7ccb312aa8c6771f9d6fc8b1a048e2c399062af01d1b45b9868f10e39333f852
SHA512: bbe8d4cc86317dddf1a6479cb1b6bf558dc9382698a32ef64bb754e61fe5275a205f6852210b996853d170c1c5e7bb0b75608d95111b1fd121bc02f7795c5e48
SSDEEP: 196608:kK0MnuaOqvYl1uuHSGysY5rRf1QdwsD2lP3aLL:kBqQN4n1QFDwGL
Malware Config
Signatures

Xmrig family

XMRig Miner payload (14 IoCs)
All 14 hits are the same region of PID 2872, 0x000000013F290000-0x000000013FDD8000 (0xB48000 bytes, about 11.3 MiB, consistent with the 10.5MB image mapped in memory), matched by the xmrig YARA rule in successive memory dumps taken during the run:

resource / yara_rule
behavioral1/memory/2872-3-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-4-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-5-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-6-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-7-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-8-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-9-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-11-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-12-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-13-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-14-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-15-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-16-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
behavioral1/memory/2872-17-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig
Suspicious use of AdjustPrivilegeToken (2 IoCs)
XMRig tries to enable SeLockMemoryPrivilege so it can back its RandomX dataset with large pages; this signature records the AdjustTokenPrivileges call, and enabling the privilege only succeeds if it is already present in the process token, which it is not for a default user account.

description / pid / Process
Token: SeLockMemoryPrivilege 2872 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Token: SeLockMemoryPrivilege 2872 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Suspicious use of FindShellTrayWindow (1 IoC)

pid / Process
2872 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
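The signature tables above repeat one memory region fourteen times and one privilege twice. The following triage helper is an added example, not part of the sandbox report or of any sandbox vendor's tooling: it parses the report's memory-dump and token-privilege IoC lines, collapses repeated dumps of the same region into a single finding with its size, and joins that finding to the privilege IoCs for the same PID. The line formats it expects are the ones visible above; the sample input is copied from this report, and the function and field names are my own choices.

```python
import re
from collections import defaultdict

# Memory IoC line as printed in the report:
#   <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp <yara rule>
MEMORY_IOC_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
# Token privilege IoC line as printed in the report:
#   Token: <privilege> <pid> <process name>
TOKEN_IOC_RE = re.compile(r"^Token:\s+(?P<priv>Se\w+Privilege)\s+(?P<pid>\d+)\s+(?P<proc>\S+)$")


def parse_memory_hits(lines):
    """Parse memory-dump YARA hits. A malformed line raises instead of being
    silently dropped, so a copy/paste error cannot hide an IoC."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_IOC_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised memory IoC line: {line!r}")
        hits.append({
            "task": m["task"],
            "pid": int(m["pid"]),
            "idx": int(m["idx"]),
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "rule": m["rule"],
        })
    return hits


def collapse_regions(hits):
    """Group repeated dumps of the same (pid, range, rule) into one region,
    recording its byte size and which dump indices matched."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[(h["pid"], h["start"], h["end"], h["rule"])].append(h["idx"])
    regions = []
    for (pid, start, end, rule), idxs in sorted(grouped.items()):
        regions.append({
            "pid": pid, "start": start, "end": end, "rule": rule,
            "size": end - start,
            "dumps": sorted(idxs),
        })
    return regions


def parse_token_privileges(lines):
    """Map pid -> set of privileges the process tried to adjust."""
    privs = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = TOKEN_IOC_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised token IoC line: {line!r}")
        privs[int(m["pid"])].add(m["priv"])
    return dict(privs)


def triage(memory_lines, token_lines):
    """One finding per distinct YARA-matched region, joined to the privilege
    IoCs of the same pid. lock_memory_privilege is True when the process
    tried to enable SeLockMemoryPrivilege (large-page allocation in XMRig)."""
    regions = collapse_regions(parse_memory_hits(memory_lines))
    privs = parse_token_privileges(token_lines)
    findings = []
    for r in regions:
        pid_privs = privs.get(r["pid"], set())
        findings.append({
            "pid": r["pid"],
            "rule": r["rule"],
            "image_range": f"0x{r['start']:X}-0x{r['end']:X}",
            "size_mib": round(r["size"] / (1024 * 1024), 2),
            "dump_count": len(r["dumps"]),
            "lock_memory_privilege": "SeLockMemoryPrivilege" in pid_privs,
        })
    return findings


# Sample input copied from the report above (constructed list, not a live sandbox query).
MEMORY_IOCS = [
    f"behavioral1/memory/2872-{i}-0x000000013F290000-0x000000013FDD8000-memory.dmp xmrig"
    for i in (3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17)
]
TOKEN_IOCS = [
    "Token: SeLockMemoryPrivilege 2872 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe",
    "Token: SeLockMemoryPrivilege 2872 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe",
]

if __name__ == "__main__":
    for finding in triage(MEMORY_IOCS, TOKEN_IOCS):
        print(finding)
```

Run against the report's own lines, the fourteen memory IoCs collapse to a single 0xB48000-byte (11.28 MiB) xmrig region in PID 2872 with dump indices 3 through 17 (10 is absent), and the privilege join marks the process as having attempted SeLockMemoryPrivilege. The same two regexes work on any report from this sandbox that prints its IoCs in this layout, so the helper is reusable beyond this sample.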