xmrig | 694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 21:17

Target

JaffaCakes118_694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda.exe
Size

1.2MB
MD5

a805b70ff31f53f6f9617160fd36227b
SHA1

7e20b18d9f6d475c0ae340da746b80024adda5bf
SHA256

694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda
SHA512

6bde6026ab2eb4fe46c9fdefd29e91bb7099297599d78a19d3a21c7da6727ea056de22cd3154a58a4bd7090a32267a48de9fb0143a4e8ad84786f74e10e03d64
SSDEEP

24576:EnCbLE/tyK3yt0mFdfE0bLBgDOph4THCGLQTfwlKjoIdBF672l6i20:EnCbL83y9FdfE0pZ0zCa4wI15d

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/1180-0-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1180-2-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1180-0-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1180-2-0x000000013F940000-0x000000013FC94000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1180	JaffaCakes118_694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda.exe
Token: SeLockMemoryPrivilege	1180	JaffaCakes118_694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_694f5cac54049225c0bb8fa61b7df74233b3bb97288acff7a34f006430e1fbda.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1180

memory/1180-0-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1180-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1180-2-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download