xmrig | 53b37a734ab27bb40626c6434029defbebe8470f2d89b97e7ce85b40c9a3b05f

Analysis

max time kernel
142s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xmrig-6.22.2/benchmark_10M.cmd
Size

61B
MD5

5be1c4cacb5ae37c43527e99a097dc7a
SHA1

1b2f00fefde9d601764d5d26d5e0fb2b9f58074c
SHA256

235a64e3520b1c2c27763122b303f78aee8d7c083dfd9f1eb936cd5174383609
SHA512

20a9e18bc397fe86514875af4213a02a5831a27671370849f05c2f3ba048bc29fc41ca96f0cb1cc08aaff27bbebf637f30d2ee798cb80ed03080e8c7d8f2d9a1

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral4/memory/968-2-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-5-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-7-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-9-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-10-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-11-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-12-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-13-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-14-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-15-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-16-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-17-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-18-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig
behavioral4/memory/968-19-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	968	xmrig.exe
Token: SeLockMemoryPrivilege	968	xmrig.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
968	xmrig.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 968	4440	cmd.exe	83
PID 4440 wrote to memory of 968	4440	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\benchmark_10M.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\xmrig.exe
  xmrig.exe --bench=10M --submit
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-0-0x00000288490A0000-0x00000288490C0000-memory.dmp

Filesize
128KB

Download
memory/968-1-0x000002884A9A0000-0x000002884A9C0000-memory.dmp

Filesize
128KB

Download
memory/968-2-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-3-0x000002884A9C0000-0x000002884A9E0000-memory.dmp

Filesize
128KB

Download
memory/968-4-0x00000288DD380000-0x00000288DD3A0000-memory.dmp

Filesize
128KB

Download
memory/968-5-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-6-0x000002884A9C0000-0x000002884A9E0000-memory.dmp

Filesize
128KB

Download
memory/968-7-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-8-0x00000288DD380000-0x00000288DD3A0000-memory.dmp

Filesize
128KB

Download
memory/968-9-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-10-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-11-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-12-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-13-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-14-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-15-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-16-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-17-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-18-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download
memory/968-19-0x00007FF798F80000-0x00007FF799BB4000-memory.dmp

Filesize
12.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads