Threat Detection #9643: Cryptomining Enabled by Native Windows Tools
Tags
attack-pattern: Data Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Regsvr32 - T1218.010 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Shell - T1505.003 Tool - T1588.002 Credential Dumping - T1003 Powershell - T1086 Regsvr32 - T1117 Scheduled Task - T1053 Windows Management Instrumentation - T1047 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 20611318-19c0-409d-b965-a222c0c3ca33
Fingerprint b563997189b757e3
Analysis status DONE
Considered CTI value 0
Text language
Published June 7, 2022, midnight
Added to db Jan. 18, 2023, 10:12 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Mining off the Land: Cryptomining Enabled by Native Windows Tools
Title Threat Detection #9643: Cryptomining Enabled by Native Windows Tools
Detected Hints/Tags/Attributes 84/1/12
Source URLs
Redirection Url
Details Source https://redcanary.com/blog/cryptomining-enabled-by-native-windows-tools/
URL Provider
Details Provider Source level domain
Details redcanary.com redcanary.com
Attributes
Details Type #Events CTI Value
Details File 459 
regsvr32.exe
Details File 2126 
cmd.exe
Details File 1 
antivirus.ps1
Details File 142 
wmiprvse.exe
Details File 25 
findstr.exe
Details File 14 
samlib.dll
Details File 23 
vaultcli.dll
Details File 478 
lsass.exe
Details File 1 
javaupdato.vbs
Details File 240 
wmic.exe
Details File 62 
scrobj.dll
Details File 30 
taskeng.exe