xmrig | fdbd17761ac4b2ec9b7a0abec20049da0f3ce045ea4feecc5c40243c9c3ea6eb

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

100852fe568182a47b154030590998eb.exe
Size

784KB
MD5

100852fe568182a47b154030590998eb
SHA1

ed6ef75222924feebe776ef98d4be0c4a96a4046
SHA256

fdbd17761ac4b2ec9b7a0abec20049da0f3ce045ea4feecc5c40243c9c3ea6eb
SHA512

d2380c49bc65f50882973494118586e3f7885e3091a5eef6f3fc19eafa56ed96a709fdea2939d8e93643c8dfac7fc531adb2e3bedfb7adc269461e50724fa71c
SSDEEP

12288:Rz/0/fS2mwcl2Ri/Vep5k93yAWP4Yl60EYnXKTNQ6DF+9JE2Cv8uK83B9:a/K2mdlKwVuIKT6vNxDFuJE3v8+3r

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2636-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2636-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3496-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3496-21-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/3496-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3496-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3496	100852fe568182a47b154030590998eb.exe

Executes dropped EXE 1 IoCs

pid	Process
3496	100852fe568182a47b154030590998eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2636-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000002320b-11.dat	upx
behavioral2/memory/3496-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2636	100852fe568182a47b154030590998eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2636	100852fe568182a47b154030590998eb.exe
3496	100852fe568182a47b154030590998eb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 3496	2636	100852fe568182a47b154030590998eb.exe	90
PID 2636 wrote to memory of 3496	2636	100852fe568182a47b154030590998eb.exe	90
PID 2636 wrote to memory of 3496	2636	100852fe568182a47b154030590998eb.exe	90

C:\Users\Admin\AppData\Local\Temp\100852fe568182a47b154030590998eb.exe
"C:\Users\Admin\AppData\Local\Temp\100852fe568182a47b154030590998eb.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Users\Admin\AppData\Local\Temp\100852fe568182a47b154030590998eb.exe
  C:\Users\Admin\AppData\Local\Temp\100852fe568182a47b154030590998eb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\100852fe568182a47b154030590998eb.exe

Filesize
609KB

MD5
5f4a7ea4567ecc212e70b605f96bf595

SHA1
22013726cdcb07e2f10303505f2d570cc8c7b6b6

SHA256
96c6541bad34c3fcdde209bf370c67cb4b7460c1df2d63b4cd03e9e17812c8a4

SHA512
c2e7dce8b6ef1968b81f81f709a6d8a6f321ea612de69d6dd4171bf003cf943267727b4b334b0a26a15537e0af6feaa73843c88a89bc1bdf4cf738d1ca84fc1a

Download Submit
memory/2636-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2636-1-0x0000000001AC0000-0x0000000001B84000-memory.dmp

Filesize
784KB

Download
memory/2636-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2636-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3496-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3496-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3496-14-0x0000000001900000-0x00000000019C4000-memory.dmp

Filesize
784KB

Download
memory/3496-21-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/3496-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3496-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download