xmrig | b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 17:10

Target

b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195.exe
Size

2.5MB
MD5

d9ff45c453dd33b942b001a05b79f5ca
SHA1

656c6063cf046fcbd9a5830b9fe26a1f96a9e768
SHA256

b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195
SHA512

39c2ca801a0a9c0dfa530b25c467a3fc5382ac2d7cd734149a214ce9c37f10322933858219192c8de1ba06f33157f3ff4acbbbb35b1b0581cdf3840d79caf36b
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPFotsgEi:EniLf9FdfE0pZB156utgpPFotBEi

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/2056-0-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2056-2-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2056-0-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2056-2-0x000000013F530000-0x000000013F884000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2056	b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195.exe
Token: SeLockMemoryPrivilege	2056	b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195.exe

C:\Users\Admin\AppData\Local\Temp\b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195.exe
"C:\Users\Admin\AppData\Local\Temp\b333da83ef3324e7ddd7f135be9316c3edc28ba856f47991e0574eb42bcc3195.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2056

memory/2056-0-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2056-2-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download