xmrig | 2c2b463dcc6b6b57237fc4284cb5fc2f7ac231c937ca273db591d1c5579648cc

Resubmissions

01/02/2025, 16:22

250201-tt9n2askfq 10

01/02/2025, 16:20

250201-ts4fmaskdj 10

01/02/2025, 16:08

250201-tk7s3s1qfj 10

Analysis

max time kernel
88s
max time network
91s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/02/2025, 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

config.zip
Size

2.6MB
MD5

b9f225231357ee5844ee62c6e3071cfd
SHA1

5856c226193f4ca93dc82a96f321f6558148bd61
SHA256

2c2b463dcc6b6b57237fc4284cb5fc2f7ac231c937ca273db591d1c5579648cc
SHA512

96be70deb64c974f5b89bfd01db08115248d76509b61748257fc07e8d7265b36c66b247a69f47fe1e0c5bea0392dff0b299a721f0db8d1273ac3bf392b7f93f5
SSDEEP

49152:g/txPWoBarEf+oWcqrR+vWrFHmArED8GMJGM7tOKsVkx3ewfmv9CKp8:g/txu9gby+e5GKED8GMJT7VsVkow6Qu8

Score

10^/10

xmrig miner

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/files/0x00060000000186c8-4.dat	family_xmrig
behavioral1/files/0x00060000000186c8-4.dat	xmrig

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Executes dropped EXE 1 IoCs

pid	Process
2304	xmrig.exe

Loads dropped DLL 15 IoCs

pid	Process
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1756	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	2820	7zG.exe
Token: 35	2820	7zG.exe
Token: SeSecurityPrivilege	2820	7zG.exe
Token: SeSecurityPrivilege	2820	7zG.exe
Token: SeLockMemoryPrivilege	2304	xmrig.exe
Token: SeLockMemoryPrivilege	2304	xmrig.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2820	7zG.exe
2304	xmrig.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\config.zip
1⤵
PID:2988

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2308

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\config\" -ad -an -ai#7zMap6238:92:7zEvent15107
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2820

C:\Users\Admin\Desktop\config\xmrig.exe
"C:\Users\Admin\Desktop\config\xmrig.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\config\config.json

Filesize
3KB

MD5
de26ff53e07da716041d372adc241376

SHA1
93b1cd0d7d2209d1799fb0af1c8cf96c360a62a2

SHA256
b64ac98f7ec85389f1771d488de2c5c1e4c99059c04b02f92fb29b22cf5be367

SHA512
c6ffb2fea0133d765c38b5df05a7814e67a348337dcfa1a43f97038186f2b611b9f602692e9c9d98f4a42917c6731233be2e6d86a9bd1b43cd98a086160ed981

Download Submit
\Users\Admin\Desktop\config\xmrig.exe

Filesize
6.1MB

MD5
f6d520ae125f03056c4646c508218d16

SHA1
f65e63d14dd57eadb262deaa2b1a8a965a2a962c

SHA256
d2fcf28897ddc2137141d838b734664ff7592e03fcd467a433a51cb4976b4fb1

SHA512
d1ec3da141ce504993a0cbf8ea4b719ffa40a2be4941c18ffc64ec3f71435f7bddadda6032ec0ae6cada66226ee39a2012079ed318df389c7c6584ad3e1c334d

Download Submit
memory/2304-20-0x00000000000F0000-0x0000000000110000-memory.dmp

Filesize
128KB

Download