xmrig | ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344 | Triage

Submit
Reports

Overview

overview

Static

static

3

ee0752e89d...44.exe

windows7-x64

ee0752e89d...44.exe

windows10-2004-x64

Sharing

General

Target

ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344.exe
Size

2.1MB
Sample

241120-15jejstgqa
MD5

9bc40b0890e81c429b325727e5ba5893
SHA1

a7561d62b00391fc996ee244bba8069ed3dd6bdb
SHA256

ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344
SHA512

f08fc59295e0eb348c0eec1e2670b773001be7797832df829fa42c8cbeebfb5e0e4195b8bfb962c6143ceac29e7720f753993b0b3689678ef913a0de0aec5d7f
SSDEEP

49152:GvQUiuvKem70245BBqhM85yYESmScKCgwm8f63tk5LwjVg:GvQUhkz6HG5pESmSN9A4k9KVg

Score

10^/10

xmrig execution miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344.exe

Resource

win7-20240903-en

xmrig execution miner

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344.exe

Resource

win10v2004-20241007-en

xmrig execution miner

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Targets

- Target
  
  ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344.exe
- Size
  
  2.1MB
- MD5
  
  9bc40b0890e81c429b325727e5ba5893
- SHA1
  
  a7561d62b00391fc996ee244bba8069ed3dd6bdb
- SHA256
  
  ee0752e89d5da38dfbbde44e9b4b3dd90e8cf3e8b37c2a35cf43fe69f5258344
- SHA512
  
  f08fc59295e0eb348c0eec1e2670b773001be7797832df829fa42c8cbeebfb5e0e4195b8bfb962c6143ceac29e7720f753993b0b3689678ef913a0de0aec5d7f
- SSDEEP
  
  49152:GvQUiuvKem70245BBqhM85yYESmScKCgwm8f63tk5LwjVg:GvQUhkz6HG5pESmSN9A4k9KVg
Score

10^/10

xmrig execution miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminer

behavioral2

xmrigexecutionminer

© 2018-2024

Terms | Privacy