xmrig | fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2

Analysis

max time kernel
113s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2025, 16:25

Target

fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2.exe
Size

1.2MB
MD5

4c46e71a72a714d08e89f1dcfeb5811e
SHA1

770562cfb85720f5cc1c65f9eed332249ba45ef7
SHA256

fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2
SHA512

c11e38256bb1df0d604e3392eb225d4d792ec747138d5eb4cf23efda2ddfd978996ed9a7b7501fbe090aec04a3aa42369a432faafca9453d77a2d3f76a18e3c0
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlOqzJO0RD/J54y9K6WdWLLH:knw9oUUEEDlOuJnRRoS

Score

10^/10

xmrig miner upx

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral2/memory/3148-2-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-3-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-4-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-5-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-6-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-7-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-8-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-9-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-10-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-11-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-12-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig
behavioral2/memory/3148-13-0x00007FF757920000-0x00007FF757D11000-memory.dmp	xmrig

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3148-0-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-2-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-3-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-4-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-5-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-6-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-7-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-8-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-9-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-10-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-11-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-12-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx
behavioral2/memory/3148-13-0x00007FF757920000-0x00007FF757D11000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3148	fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2.exe
Token: SeLockMemoryPrivilege	3148	fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2.exe

C:\Users\Admin\AppData\Local\Temp\fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2.exe
"C:\Users\Admin\AppData\Local\Temp\fb1a1c3f88f78c2954efb5a663560b5a3caa2f457e001bfa5110497ddab7f0a2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3148

memory/3148-0-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-1-0x000001F271870000-0x000001F271880000-memory.dmp

Filesize
64KB

Download
memory/3148-2-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-3-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-4-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-5-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-6-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-7-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-8-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-9-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-10-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-11-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-12-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download
memory/3148-13-0x00007FF757920000-0x00007FF757D11000-memory.dmp

Filesize
3.9MB

Download