xmrig | 323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab | Triage

Submit
Reports

Overview

overview

Static

static

3

323e3c649b...cs.exe

windows7-x64

323e3c649b...cs.exe

windows10-2004-x64

Sharing

General

Target

323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab_NeikiAnalytics.exe
Size

2.5MB
Sample

240701-d2pe3ayblj
MD5

048b14e9e5ada2a0f077d830af4383e0
SHA1

228ae4e627d700db79c8b866c00c6818564ea3d2
SHA256

323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab
SHA512

c6755f9836a68f465418451a20d606e6f1819b3871b2b663bd84481f114b5bdf2cc1ed905b523ff27421147e9d3f40c5e6c45b2e6a3b5be8b1696ecb4e7ad775
SSDEEP

49152:sf4a+2CTAF1ja2hrkJ0UXeFvcpnIUsLgLfjnWspdwnicE6LvPpeGP/UOLpOYC9:m+bAjhhrkaUXeFvcE+fKYihEeomLpOH9

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab_NeikiAnalytics.exe

Resource

win7-20240611-en

xmrig evasion execution miner persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

xmrig evasion execution miner persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab_NeikiAnalytics.exe
- Size
  
  2.5MB
- MD5
  
  048b14e9e5ada2a0f077d830af4383e0
- SHA1
  
  228ae4e627d700db79c8b866c00c6818564ea3d2
- SHA256
  
  323e3c649b1914c9bbc380ea16b970df35c9b1723ea7d903912c4f1f3a7dbdab
- SHA512
  
  c6755f9836a68f465418451a20d606e6f1819b3871b2b663bd84481f114b5bdf2cc1ed905b523ff27421147e9d3f40c5e6c45b2e6a3b5be8b1696ecb4e7ad775
- SSDEEP
  
  49152:sf4a+2CTAF1ja2hrkJ0UXeFvcpnIUsLgLfjnWspdwnicE6LvPpeGP/UOLpOYC9:m+bAjhhrkaUXeFvcE+fKYihEeomLpOH9
Score

10^/10

xmrig evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Stops running service(s)
  evasion execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

behavioral2

xmrigevasionexecutionminerpersistenceupx

© 2018-2024

Terms | Privacy