xmrig | e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd

Analysis

max time kernel
111s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 09:16

Target

e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe
Size

1.1MB
MD5

e589e755e1bc78f496754bd14f4833a9
SHA1

46f83eb0c57fc51049ac1b3eecbf4bdcf001a3e7
SHA256

e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd
SHA512

d8bb93722277cac70cae4d9913ea9ade78f410a524870a6d63721b0a1df69aae868eb6fa1528716e6356b6bfc12920a9c87d105258bebac59ec9104fb8612bce
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/j+ruu1A:knw9oUUEEDl37jcmWHCW

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4692-2-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-3-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-4-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-5-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-6-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-7-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-8-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-9-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-10-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-11-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-12-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig
behavioral2/memory/4692-13-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4692-0-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-2-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-3-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-4-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-5-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-6-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-7-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-8-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-9-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-10-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-11-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-12-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx
behavioral2/memory/4692-13-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe

description	pid	process
Token: SeLockMemoryPrivilege	4692	e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe
Token: SeLockMemoryPrivilege	4692	e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe

C:\Users\Admin\AppData\Local\Temp\e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe
"C:\Users\Admin\AppData\Local\Temp\e4609eb1b96163810f42dc82a5d7052dd62d929098ec00bc1efb8b9ac822cbdd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4692

memory/4692-0-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-1-0x0000018EBA780000-0x0000018EBA790000-memory.dmp

Filesize
64KB

Download
memory/4692-2-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-3-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-4-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-5-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-6-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-7-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-8-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-9-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-10-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-11-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-12-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download
memory/4692-13-0x00007FF6E0150000-0x00007FF6E0541000-memory.dmp

Filesize
3.9MB

Download