xmrig | 100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc

Analysis

max time kernel
132s
max time network
141s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:27

Target

JaffaCakes118_100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc.exe
Size

2.1MB
MD5

b44b7af6338163fbeb5a5b4356039650
SHA1

2385c3799e08547c0d0e2d07d85b31b79c156288
SHA256

100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc
SHA512

5c26c10fe05f729936630fffcfdeee51f69aa6dabec07b63f9bad79ccc6ca862737899377f3ce9ab54e6b7c8e008bbbc8e4f1675359979fed5d830e6dae7075f
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPw:EniLf9FdfE0pZB156utgpPw

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3028-2-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3028-2-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3028	JaffaCakes118_100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc.exe
Token: SeLockMemoryPrivilege	3028	JaffaCakes118_100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_100af1e9d460f0e8500a4c28cd60dee3a8cdf92464489edc4f1be38b29ece5cc.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028

memory/3028-0-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3028-2-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download