Overview

overview

10

Static

static

10

a34ad8452f...df.exe

windows7-x64

10

a34ad8452f...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a34ad8452fda684438188f08c6384a528c301e01715852dfb74124cd79cce5df

  • Size

    1.7MB

  • Sample

    250125-ewy8raxkcj

  • MD5

    2496caf6a8b6a0667533892f2d6e47fc

  • SHA1

    411ba7bb6c6937fd454dcb7a52deb0ad8d05963b

  • SHA256

    a34ad8452fda684438188f08c6384a528c301e01715852dfb74124cd79cce5df

  • SHA512

    7c65c090f3bb0689f8c589f397f453bdabd82fa954c28cfdb186bad309a17356a948008c635b8861c08423c5e529b09cc92add99d55486d349a3db76cb84bba0

  • SSDEEP

    49152:GezaTF8FcNkNdfE0pZ9ozttwIRxTzkx7kvxInClpJT2CL:GemTLkNdfE0pZyJ

Score
10/10
xmrigminerpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      a34ad8452fda684438188f08c6384a528c301e01715852dfb74124cd79cce5df

    • Size

      1.7MB

    • MD5

      2496caf6a8b6a0667533892f2d6e47fc

    • SHA1

      411ba7bb6c6937fd454dcb7a52deb0ad8d05963b

    • SHA256

      a34ad8452fda684438188f08c6384a528c301e01715852dfb74124cd79cce5df

    • SHA512

      7c65c090f3bb0689f8c589f397f453bdabd82fa954c28cfdb186bad309a17356a948008c635b8861c08423c5e529b09cc92add99d55486d349a3db76cb84bba0

    • SSDEEP

      49152:GezaTF8FcNkNdfE0pZ9ozttwIRxTzkx7kvxInClpJT2CL:GemTLkNdfE0pZyJ

    Score
    10/10
    xmrigminerpersistenceprivilege_escalation

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Xmrig family

      xmrig

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks