Overview

overview

10

Static

static

10

xmrig-6.22...64.sys

windows7-x64

1

xmrig-6.22...64.sys

windows10-2004-x64

1

xmrig-6.22...0M.cmd

windows7-x64

10

xmrig-6.22...0M.cmd

windows10-2004-x64

10

xmrig-6.22...1M.cmd

windows7-x64

10

xmrig-6.22...1M.cmd

windows10-2004-x64

10

xmrig-6.22...le.cmd

windows7-x64

10

xmrig-6.22...le.cmd

windows10-2004-x64

10

xmrig-6.22...le.cmd

windows7-x64

10

xmrig-6.22...le.cmd

windows10-2004-x64

10

xmrig-6.22...le.cmd

windows7-x64

10

xmrig-6.22...le.cmd

windows10-2004-x64

10

xmrig-6.22...rt.cmd

windows7-x64

10

xmrig-6.22...rt.cmd

windows10-2004-x64

10

xmrig-6.22...ig.exe

windows7-x64

10

xmrig-6.22...ig.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2024, 00:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xmrig-6.22.2/xmrig.exe

  • Size

    9.1MB

  • MD5

    cb166d49ce846727ed70134b589b0142

  • SHA1

    8f5e1c7792e9580f2b10d7bef6dc7e63ea044688

  • SHA256

    49da580656e51214d59702a1d983eff143af3560a344f524fe86326c53fb5ddb

  • SHA512

    a39bd86a148af26fd31a0d171078fb7bce0951bb8ea63658d87f6bde97dbc214c62e8bd7152d1e621051de8a0ba77ffd7bda7c1106afb740584c80e68e1912ed

  • SSDEEP

    98304:L/MDwKdstleFsZ35VIRveTAXMJyoL01X6kSvcwyZk8w+vMmeAKSQjH74cGtsiZ0J:TEZ8KCbnf6sgZEFH0o

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\xmrig.exe
    "C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\xmrig.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/452-0-0x00000292E2A60000-0x00000292E2A80000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-2-0x00000292E4450000-0x00000292E4470000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-3-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-5-0x00000292E4490000-0x00000292E44B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-4-0x00000292E4470000-0x00000292E4490000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-6-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-8-0x00000292E4490000-0x00000292E44B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-7-0x00000292E4470000-0x00000292E4490000-memory.dmp

    Filesize

    128KB

    Download

  • memory/452-9-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-10-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-11-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-12-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-13-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-14-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-15-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-16-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-17-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-18-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-19-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/452-20-0x00007FF6A3600000-0x00007FF6A4234000-memory.dmp

    Filesize

    12.2MB

    Download