xmrig | 3e90e1fd54fa90baaaa0ca56a9e21863afa5c19e5723e5b7f6466be99a7ffca1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe
Size

10.5MB
MD5

be8b1fdc420cc19262c6ac4dcba42eed
SHA1

0e47723e1c5ad794328a53dcf5d6dd3a96b1c10f
SHA256

3e90e1fd54fa90baaaa0ca56a9e21863afa5c19e5723e5b7f6466be99a7ffca1
SHA512

3f601977022befd699a0b033d7c5084ab3e9f23218a974d99a479b6ce7c9bc154287ef42e760ed2fff2c0fbfc017d648a1b959e008ff3b6616d7de18b2607111
SSDEEP

196608:xVO70Wv7L2L/7YGO0upslXDFHffPZ5h+uqL:xILcsk5HnR7qL

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 14 IoCs

miner

resource	yara_rule
behavioral2/memory/396-3-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-4-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-5-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-6-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-7-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-8-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-9-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-11-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-12-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-13-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-14-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-15-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-16-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig
behavioral2/memory/396-17-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp	xmrig

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	396	2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe
Token: SeLockMemoryPrivilege	396	2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
396	2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe

C:\Users\Admin\AppData\Local\Temp\2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_be8b1fdc420cc19262c6ac4dcba42eed_polyvice.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/396-0-0x000001DFA4BC0000-0x000001DFA4BE0000-memory.dmp

Filesize
128KB

Download
memory/396-1-0x000001DFA4C10000-0x000001DFA4C14000-memory.dmp

Filesize
16KB

Download
memory/396-2-0x000001DFA4C10000-0x000001DFA4C14000-memory.dmp

Filesize
16KB

Download
memory/396-3-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-4-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-5-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-6-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-7-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-8-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-10-0x000001DFA76A0000-0x000001DFA76A4000-memory.dmp

Filesize
16KB

Download
memory/396-9-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-11-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-12-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-13-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-14-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-15-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-16-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download
memory/396-17-0x00007FF78CE90000-0x00007FF78D9C0000-memory.dmp

Filesize
11.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads