Overview

overview

10

Static

static

10

191638049e...ca.exe

windows7-x64

10

191638049e...ca.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2025, 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    191638049eb03cc9d0d65f266648ce90301c5cd964c91277e4e6ef603e5f4bca.exe

  • Size

    1.0MB

  • MD5

    ca5b0b8c7b39453c7ad13f1b16f5b78f

  • SHA1

    6d2e8191f271ff93bb3efae092bc806da9945873

  • SHA256

    191638049eb03cc9d0d65f266648ce90301c5cd964c91277e4e6ef603e5f4bca

  • SHA512

    e86b46cc39c3f147c014444a8e50e4511a29cf2ad5b74e0bf029b8c8a96ab0e195950200c9ca9a28807c222d8f11fed35f3aebf4a20de3cae9c395c9729a1d0f

  • SSDEEP

    24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcmC3f/jU5S:knw9oUUEEDl37jcmWH7

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 12 IoCs
    miner
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\191638049eb03cc9d0d65f266648ce90301c5cd964c91277e4e6ef603e5f4bca.exe
    "C:\Users\Admin\AppData\Local\Temp\191638049eb03cc9d0d65f266648ce90301c5cd964c91277e4e6ef603e5f4bca.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2380-0-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-1-0x00000000000F0000-0x0000000000100000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2380-2-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-3-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-4-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-5-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-6-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-7-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-8-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-9-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-10-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-11-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-12-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2380-13-0x000000013FEB0000-0x00000001402A1000-memory.dmp

    Filesize

    3.9MB

    Download