xmrig | 7ccb312aa8c6771f9d6fc8b1a048e2c399062af01d1b45b9868f10e39333f852

Analysis

max time kernel
140s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Size

10.5MB
MD5

c4635caed8eb97d0931183ccd3abb25e
SHA1

2916d4b55d3f40cc86d058aea3f7fe75c3c8a089
SHA256

7ccb312aa8c6771f9d6fc8b1a048e2c399062af01d1b45b9868f10e39333f852
SHA512

bbe8d4cc86317dddf1a6479cb1b6bf558dc9382698a32ef64bb754e61fe5275a205f6852210b996853d170c1c5e7bb0b75608d95111b1fd121bc02f7795c5e48
SSDEEP

196608:kK0MnuaOqvYl1uuHSGysY5rRf1QdwsD2lP3aLL:kBqQN4n1QFDwGL

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2156-3-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-4-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-5-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-6-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-7-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-8-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-9-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-11-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-12-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-13-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-14-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-15-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-16-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig
behavioral2/memory/2156-17-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe

description	pid	process
Token: SeLockMemoryPrivilege	2156	2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
Token: SeLockMemoryPrivilege	2156	2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe

pid process

2156 2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe

pid	process
2156	2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_c4635caed8eb97d0931183ccd3abb25e_polyvice.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2156-0-0x00000227EA3E0000-0x00000227EA400000-memory.dmp

Filesize
128KB

Download
memory/2156-1-0x00000227EA560000-0x00000227EA564000-memory.dmp

Filesize
16KB

Download
memory/2156-2-0x00000227EA560000-0x00000227EA564000-memory.dmp

Filesize
16KB

Download
memory/2156-3-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-4-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-5-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-6-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-7-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-8-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-10-0x00000227EB600000-0x00000227EB604000-memory.dmp

Filesize
16KB

Download
memory/2156-9-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-11-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-12-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-13-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-14-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-15-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-16-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download
memory/2156-17-0x00007FF7AC2C0000-0x00007FF7ACE08000-memory.dmp

Filesize
11.3MB

Download