Overview

overview

10

Static

static

3

msvcr710x64.sys

windows7-x64

1

msvcr710x64.sys

windows10-2004-x64

1

sqlservr.exe

windows7-x64

10

sqlservr.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sqlservr.exe

  • Size

    3.9MB

  • MD5

    325d88ea2ee59fc0faec0cd4e6db494e

  • SHA1

    63f2c5cbabd05e857c983741f4b9d71f7fbc6f69

  • SHA256

    eef7b9db43f331b41bfdc87fa0517fbd76981a9b9574fe2ee45bcc1ca390e616

  • SHA512

    6fdc79184bb209c1ec7e4a720fa6aed6a50a6dae2a6773d2c30c71be0eadbf2fb5dad6f906815a977a4081b239a06c4d087bcbb9b01a7aa8ffd8e4f0bb659cc2

  • SSDEEP

    98304:KLybik3bzEe5YwN9O9CAAN/aN6d/UuluefFNQKcWJa57IGHaKlA:xbisEC9KG/aNKsMO7v6GA

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 4 IoCs
    miner
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sqlservr.exe
    "C:\Users\Admin\AppData\Local\Temp\sqlservr.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2356-0-0x000000013F670000-0x00000001409CB000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/2356-1-0x000000013F670000-0x00000001409CB000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/2356-7-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2356-4-0x000000013F670000-0x00000001409CB000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/2356-8-0x000000013F670000-0x00000001409CB000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/2356-2-0x000000013F670000-0x00000001409CB000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/2356-5-0x00000000004E0000-0x00000000004F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2356-3-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

    Filesize

    3.8MB

    Download