Overview

overview

10

Static

static

3

msvcr710x64.sys

windows7-x64

1

msvcr710x64.sys

windows10-2004-x64

1

sqlservr.exe

windows7-x64

10

sqlservr.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2024 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sqlservr.exe

  • Size

    3.9MB

  • MD5

    325d88ea2ee59fc0faec0cd4e6db494e

  • SHA1

    63f2c5cbabd05e857c983741f4b9d71f7fbc6f69

  • SHA256

    eef7b9db43f331b41bfdc87fa0517fbd76981a9b9574fe2ee45bcc1ca390e616

  • SHA512

    6fdc79184bb209c1ec7e4a720fa6aed6a50a6dae2a6773d2c30c71be0eadbf2fb5dad6f906815a977a4081b239a06c4d087bcbb9b01a7aa8ffd8e4f0bb659cc2

  • SSDEEP

    98304:KLybik3bzEe5YwN9O9CAAN/aN6d/UuluefFNQKcWJa57IGHaKlA:xbisEC9KG/aNKsMO7v6GA

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 4 IoCs
    miner
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sqlservr.exe
    "C:\Users\Admin\AppData\Local\Temp\sqlservr.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1600-0-0x00007FF628710000-0x00007FF629A6B000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/1600-1-0x00007FF462F80000-0x00007FF463351000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1600-2-0x00007FF628710000-0x00007FF629A6B000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/1600-5-0x00000212117B0000-0x00000212117C4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1600-4-0x00007FF628710000-0x00007FF629A6B000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/1600-3-0x00007FF628710000-0x00007FF629A6B000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/1600-6-0x00007FF628710000-0x00007FF629A6B000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/1600-7-0x00007FF462F80000-0x00007FF463351000-memory.dmp

    Filesize

    3.8MB

    Download