xmrig | 1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b

Analysis

max time kernel
110s
max time network
116s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 18:48

Target

1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b.exe
Size

1.5MB
MD5

43b289e8badfedf9966247463716211d
SHA1

1535735ade8e11c477f355a0253ea62f7035a2be
SHA256

1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b
SHA512

d6363ac154d5e790bf12f713a22e9d694be377cab2ee9c9e139c0f3c121f97f25cbb6115cdc4ad46d8099be3ef77bfd3d90dbe3375a908d5eb57154c50b54cc3
SSDEEP

24576:RVIl/WDGCi7/qkat6zqxG2Z9mIhQvq8wd7NjVb65GsL9QsdkutxbVUDk+3HuP7Gk:ROdWCCi7/raWMmSdbbUGsVOutxLGTI

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral1/memory/2336-2-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-3-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-4-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-5-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-6-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-7-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-8-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-9-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-10-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-11-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-12-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig
behavioral1/memory/2336-13-0x000000013FA50000-0x000000013FDA1000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2336-0-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-2-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-3-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-4-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-5-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-6-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-7-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-8-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-9-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-10-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-11-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-12-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx
behavioral1/memory/2336-13-0x000000013FA50000-0x000000013FDA1000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2336	1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b.exe
Token: SeLockMemoryPrivilege	2336	1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b.exe

C:\Users\Admin\AppData\Local\Temp\1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b.exe
"C:\Users\Admin\AppData\Local\Temp\1e7b885266f16d69a75bf76d2585557f8ba1246d07c8b7cb37952ed112eda79b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2336

memory/2336-0-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2336-2-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-4-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-5-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-6-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-7-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-8-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-9-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-10-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-11-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-12-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download
memory/2336-13-0x000000013FA50000-0x000000013FDA1000-memory.dmp

Filesize
3.3MB

Download