xmrig | 6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733 | Triage

Analysis

max time kernel
30s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 07:18

Sharing

Report Analysis Logs

General

Target

6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe
Size

5.7MB
MD5

6c5a0a2ee88342839e112ee3877e65d9
SHA1

951ffeb897e795399031d77a14982129a099eb64
SHA256

6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733
SHA512

0a5063b24ab6c7d07b0ef07d924e3341e909efd54c8d4d0b2a1d6e8f7f9100b528d03ba2ad04b9fb4432cd211b770e7ee0cfb480e301358793c59a6ebaa5e300

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1992-54-0x000000013FFD0000-0x000000014031D000-memory.dmp	xmrig

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

968 1992 WerFault.exe 6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe

description	pid	process	target process
PID 1992 wrote to memory of 968	1992	6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe	WerFault.exe
PID 1992 wrote to memory of 968	1992	6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe	WerFault.exe
PID 1992 wrote to memory of 968	1992	6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe
"C:\Users\Admin\AppData\Local\Temp\6a2eb780f2de2c6209df14ff58faa60193a4f8bd380b6d690093fe3df0f81733.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1992 -s 72
2⤵
- Program crash
PID:968

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-55-0x0000000000000000-mapping.dmp

Download
memory/1992-54-0x000000013FFD0000-0x000000014031D000-memory.dmp

Filesize
3.3MB

Download