xmrig | c8a6c2c8b3625412820521c9b05f77c2b1ffc206189012b5da68c9ebc3eb7070

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0683ec9bf23d56eefd21dad2f5903c92.exe
Size

784KB
MD5

0683ec9bf23d56eefd21dad2f5903c92
SHA1

959aefeceae51813d2f917dbb1d5b1a7f005d1bd
SHA256

c8a6c2c8b3625412820521c9b05f77c2b1ffc206189012b5da68c9ebc3eb7070
SHA512

2f30c0b8be6bda606dd3b63fe230836a1d4c678786edb3b29c8295117b8e3d870c1591649810fa69d8cd9e08604f1579a5ec3c7694e133151c5fbcc6a933d43c
SSDEEP

24576:c0+wDK5cFmou144NfC1W//DIj1SP3JcoajUpfyGJ:c0gSktK0cRuGUp6G

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2624-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2624-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2316-20-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2316-26-0x00000000030A0000-0x0000000003233000-memory.dmp	xmrig
behavioral1/memory/2316-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2316-35-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2316-36-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2316	0683ec9bf23d56eefd21dad2f5903c92.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	0683ec9bf23d56eefd21dad2f5903c92.exe

Loads dropped DLL 1 IoCs

pid	Process
2624	0683ec9bf23d56eefd21dad2f5903c92.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2624-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012246-10.dat	upx
behavioral1/memory/2624-15-0x0000000003080000-0x0000000003392000-memory.dmp	upx
behavioral1/files/0x0009000000012246-16.dat	upx
behavioral1/memory/2316-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2624	0683ec9bf23d56eefd21dad2f5903c92.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2624	0683ec9bf23d56eefd21dad2f5903c92.exe
2316	0683ec9bf23d56eefd21dad2f5903c92.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2316	2624	0683ec9bf23d56eefd21dad2f5903c92.exe	29
PID 2624 wrote to memory of 2316	2624	0683ec9bf23d56eefd21dad2f5903c92.exe	29
PID 2624 wrote to memory of 2316	2624	0683ec9bf23d56eefd21dad2f5903c92.exe	29
PID 2624 wrote to memory of 2316	2624	0683ec9bf23d56eefd21dad2f5903c92.exe	29

C:\Users\Admin\AppData\Local\Temp\0683ec9bf23d56eefd21dad2f5903c92.exe
"C:\Users\Admin\AppData\Local\Temp\0683ec9bf23d56eefd21dad2f5903c92.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\0683ec9bf23d56eefd21dad2f5903c92.exe
  C:\Users\Admin\AppData\Local\Temp\0683ec9bf23d56eefd21dad2f5903c92.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0683ec9bf23d56eefd21dad2f5903c92.exe

Filesize
784KB

MD5
69e2380e24c50322a8013b3f745383bb

SHA1
f7963dae64b23b38c2cff7511b74d0cc9d06c96b

SHA256
d1586e53e79f2fddfa3ae7398aa1e9dc643c9f2d46e24eb98484e8c7f4ed3a63

SHA512
2c82ecbaae0e2009df2605ff4a02dd3a0b69264917aae2ee11c8a2058024eb97a976f9bcd473cd06e05e89c26cde3a96b8262c7ab213bd81ba52ce8380be902d

Download Submit
memory/2316-19-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2316-36-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2316-35-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2316-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2316-26-0x00000000030A0000-0x0000000003233000-memory.dmp

Filesize
1.6MB

Download
memory/2316-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2316-20-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2624-15-0x0000000003080000-0x0000000003392000-memory.dmp

Filesize
3.1MB

Download
memory/2624-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2624-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2624-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2624-14-0x0000000000610000-0x0000000000711000-memory.dmp

Filesize
1.0MB

Download
memory/2624-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download