Overview

overview

10

Static

static

10

2024-11-20...ce.exe

windows7-x64

10

2024-11-20...ce.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe

  • Size

    10.5MB

  • MD5

    14f5051ecc9450a95e52a1cec038cc9f

  • SHA1

    7b3cd491f6f83250fe894b9ad55071996494182d

  • SHA256

    6d61a9b4a24f4d4519b5e4de3ab3e9f1efdc67a5df1d721b1052402b1b5ea109

  • SHA512

    b11b9598848ef5d0c239243202ef2f7dbe80e1ba3ede26296989a94e992cbefde744b371364f66bd84456896184128db866b8a1fb305e11520549e54595faec9

  • SSDEEP

    98304:dR4XRwKR3oKDkPd4nPExkE7ttAkHA/ZN0Ri/PzGbdk4KPGIJJvGl8pI+XFwWgX4e:gXLGpSJ85qmufbZnVsY746Ax761PZaV

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1980-0-0x00000000002F0000-0x0000000000310000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1980-1-0x00000000004B0000-0x00000000004B4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1980-2-0x00000000004B0000-0x00000000004B4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1980-3-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-4-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-5-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-6-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-7-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-8-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-9-0x0000000001E30000-0x0000000001E34000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1980-10-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-11-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-12-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-13-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-14-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-15-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-16-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1980-17-0x000000013FB70000-0x000000014069C000-memory.dmp

    Filesize

    11.2MB

    Download