xmrig | 33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223

Analysis

max time kernel
142s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2023, 15:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe
Size

3.7MB
MD5

ff1942fe4de07199e7d3d174404a9552
SHA1

320461e1f2601a641b7dce9f9e41a00444794aac
SHA256

33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223
SHA512

8eba9096d7db1d403cfac858d30d858a73489de81f89208f7e910fc88c8c7171d5576b02a4c2733bf2b9c35c6b083627bedad192f5d2a1988a07fd407d85fd64
SSDEEP

98304:gV46nDo3zOf/LnzTygrM3uLBp2sxINqsV/pBNCbfdA:MM3ze/jzVrS5sxIN5m5A

Score

10^/10

xmrig miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 16 IoCs

miner

resource	yara_rule
behavioral2/files/0x000a00000002314b-138.dat	xmrig
behavioral2/files/0x000a00000002314b-137.dat	xmrig
behavioral2/memory/3740-139-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-140-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-141-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-142-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-143-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-144-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-145-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-146-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-147-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-148-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-149-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-150-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-151-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig
behavioral2/memory/3740-152-0x0000000000400000-0x0000000000C26000-memory.dmp	xmrig

Executes dropped EXE 1 IoCs

pid	Process
3740	xmrig.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe
1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3740	xmrig.exe
Token: SeLockMemoryPrivilege	3740	xmrig.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe
1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 3740	1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe	84
PID 1000 wrote to memory of 3740	1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe	84
PID 1000 wrote to memory of 3740	1000	33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe	84

C:\Users\Admin\AppData\Local\Temp\33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe
"C:\Users\Admin\AppData\Local\Temp\33e8b405f58fe047300330295c5b825e4950c9907493c1292c17df23602a8223.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1000
- C:\xmrig.exe
  C:\xmrig.exe -o auto.c3pool.org:23333 -u 49hiKyufRb69NW8Ep9YS1s2AFUdpGHqJWTzEmiwGmSWzRHn51PqEkEBC9WbgDnPUpC6tbgYdP7Aga3GSPytaiVAk9rb9z57 -p x
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\xmrig.exe

Filesize
7.5MB

MD5
8719a267d07afc022f4bb38c52ef413f

SHA1
3256d32466ae949de1bd5658efde8c440e71326b

SHA256
d6d7dcf59870ef69bf16fa04c91d357fc32b0dfdbd05de311f5dfc77f3e4747a

SHA512
45f77f59cb3a8d2b93090e25a4674c9d227fbe2dee9d8fc685d8fed4574f6b3119f7204786318890a4a36f8fb1bd4f0734f58fc6ff31ef95f2e3473a74f1a1df

Download Submit
C:\xmrig.exe

Filesize
7.5MB

MD5
8719a267d07afc022f4bb38c52ef413f

SHA1
3256d32466ae949de1bd5658efde8c440e71326b

SHA256
d6d7dcf59870ef69bf16fa04c91d357fc32b0dfdbd05de311f5dfc77f3e4747a

SHA512
45f77f59cb3a8d2b93090e25a4674c9d227fbe2dee9d8fc685d8fed4574f6b3119f7204786318890a4a36f8fb1bd4f0734f58fc6ff31ef95f2e3473a74f1a1df

Download Submit
memory/3740-145-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-146-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-141-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-142-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-143-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-144-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-139-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-140-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-147-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-148-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-149-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-150-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-151-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download
memory/3740-152-0x0000000000400000-0x0000000000C26000-memory.dmp

Filesize
8.1MB

Download