Overview

overview

10

Static

static

3

8f861c2089...04.exe

windows7-x64

10

8f861c2089...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2024 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f861c2089520549eb6c1eb3cba713a8316ffe9f3573199e27cb48bd5e1ca704.exe

  • Size

    4.9MB

  • MD5

    3d375d10b594f69c51b80948ec0e4c03

  • SHA1

    439779b78363df27d5874efb256aa5e415e0b8b3

  • SHA256

    8f861c2089520549eb6c1eb3cba713a8316ffe9f3573199e27cb48bd5e1ca704

  • SHA512

    635d39a32aa3c01cf2d7c5910639da9dbc7f661daba92d0b6c6d543123aa84bfac86dc7c72d6f88ace93d4d2b520e5020094d11f8d78c6859ea68265e8dad560

  • SSDEEP

    98304:VlPQoHOVR78LR77DWaPL+RbDQuAv9QyhT/UxEdmrm:VGoHWB6Uaz+RfQBlhL8Edf

Score
10/10
xmrigminerpersistenceupx

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 9 IoCs
    miner
  • Power Settings 1 TTPs 4 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 53 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f861c2089520549eb6c1eb3cba713a8316ffe9f3573199e27cb48bd5e1ca704.exe
    "C:\Users\Admin\AppData\Local\Temp\8f861c2089520549eb6c1eb3cba713a8316ffe9f3573199e27cb48bd5e1ca704.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
      2⤵
      • Power Settings
      • Suspicious use of AdjustPrivilegeToken
      PID:220
    • C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
      2⤵
      • Power Settings
      • Suspicious use of AdjustPrivilegeToken
      PID:4664
    • C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
      2⤵
      • Power Settings
      • Suspicious use of AdjustPrivilegeToken
      PID:1332
    • C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
      2⤵
      • Power Settings
      • Suspicious use of AdjustPrivilegeToken
      PID:1744
    • C:\Windows\explorer.exe
      explorer.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4708-1-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-3-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-2-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-4-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-8-0x0000000000800000-0x0000000000820000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4708-7-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-6-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-5-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-12-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-11-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-10-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-9-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-13-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-14-0x0000000012710000-0x0000000012730000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4708-15-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-16-0x0000000140000000-0x0000000140835000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/4708-17-0x0000000012F90000-0x0000000012FB0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4708-18-0x0000000012F90000-0x0000000012FB0000-memory.dmp

    Filesize

    128KB

    Download