Overview

overview

10

Static

static

10

PUB2/xmrig.exe

windows11-21h2-x64

1

PUB2/zephy...0).bat

windows11-21h2-x64

1

PUB2/zephy...1).bat

windows11-21h2-x64

1

PUB2/zephy...2).bat

windows11-21h2-x64

1

PUB2/zephy...2).bat

windows11-21h2-x64

1

PUB2/zephy...3).bat

windows11-21h2-x64

1

PUB2/zephy...4).bat

windows11-21h2-x64

1

PUB2/zephy...5).bat

windows11-21h2-x64

1

PUB2/zephy...6).bat

windows11-21h2-x64

1

PUB2/zephy...7).bat

windows11-21h2-x64

1

PUB2/zephy...8).bat

windows11-21h2-x64

1

PUB2/zephy...9).bat

windows11-21h2-x64

1

PUB2/zephy...ie.bat

windows11-21h2-x64

1

PUB2/zephyr.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    444s
  • max time network
    1785s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-11-2024 09:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PUB2/zephyr.bat

  • Size

    168B

  • MD5

    ba22652cd85191f4cc7e21db61e2bd71

  • SHA1

    aece18a53876615b26eea19ad30409a447a5a8f6

  • SHA256

    4d4148fe8ab2368aaa811877b31d759d09b07df189587fed822d1011aca79a88

  • SHA512

    df0cef76781eef6be0ada6fc8ca56de463d11c8b068ff0af2465dc97e05d910e5b9f10ecd95e9c0fd005ff8236cf52d2ea8f9de899dc7defceb3057c08a900a8

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PUB2\zephyr.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Local\Temp\PUB2\xmrig.exe
      xmrig.exe -o us-zephyr.miningocean.org:5342 -u ZEPHYR2c1KpUmMcFb1DgEejg8bgrit4x9L8TUEk2e7B7gbtwtHDVyKCUZEzu4zQMnGjgZjJZES6wnefC6FgLJeyL6Ahz2SsWsoK1Y -p scall -a rx/0 -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3040-0-0x0000028EF10F0000-0x0000028EF1110000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3040-1-0x0000028EF1140000-0x0000028EF1160000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3040-3-0x0000028F83900000-0x0000028F83920000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3040-2-0x0000028F838E0000-0x0000028F83900000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3040-5-0x0000028F83900000-0x0000028F83920000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3040-4-0x0000028F838E0000-0x0000028F83900000-memory.dmp

    Filesize

    128KB

    Download