xmrig | f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 19:00

Target

JaffaCakes118_f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9.exe
Size

4.0MB
MD5

001ff7a4d6f7414d54545afaef93a57f
SHA1

77779378961f87d1bc694e56123e48d4a87fe530
SHA256

f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9
SHA512

0fccd123896fefa989a19625241ba51085c7df964fbd8631a24457961032a2b6755a9982c0dc3dd64d0965401efa06a21f65f8c7986b393d0d811fbea0c94cb3
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po5Q:EniLf9FdfE0pZB156utgpPFotBER/mQa

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/memory/824-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/824-2-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/824-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/824-2-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	824	JaffaCakes118_f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9.exe
Token: SeLockMemoryPrivilege	824	JaffaCakes118_f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f1ab6dde0bc5c2f1c4cd5a8921bb80121fc1fb98557c2a41f0b1c0a0b7f861f9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:824

memory/824-0-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/824-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/824-2-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download