Overview

overview

10

Static

static

7

08d8036da2...52.exe

windows7-x64

10

08d8036da2...52.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    08d8036da2cfcdf8b1883d589e37c152.exe

  • Size

    3.1MB

  • MD5

    08d8036da2cfcdf8b1883d589e37c152

  • SHA1

    7013d97b566c9fd324d5fd6aec7e2c82f706d58a

  • SHA256

    a032a8fe41816cb3b2d932e7219e116cb86d932867a984684f29530b98509690

  • SHA512

    2de770e8e0b03c1d39bcddc27048a472d269e4ab4a832a5acedfc00a158e16a37c032094aa618ed1d422c7b376c4c30f21cb743e6fba1720336385002872af7f

  • SSDEEP

    98304:ez5djsBQ3huE8hZhbPPeiQtx550oFJyRCKI4RoI/K:coBQRMZhbOR9qgJyHaY

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08d8036da2cfcdf8b1883d589e37c152.exe
    "C:\Users\Admin\AppData\Local\Temp\08d8036da2cfcdf8b1883d589e37c152.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3508
    • C:\Users\Admin\AppData\Local\Temp\08d8036da2cfcdf8b1883d589e37c152.exe
      C:\Users\Admin\AppData\Local\Temp\08d8036da2cfcdf8b1883d589e37c152.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3432

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\08d8036da2cfcdf8b1883d589e37c152.exe
          Filesize

          784KB

          MD5

          021ea21af71c9aa622e9b0857d517850

          SHA1

          4bd74829b2110970ba422988c666a0bc9497c593

          SHA256

          f74740b8e6cc08861175b82b6e6207afcd3f5a79e3bbad4c938cd20d1710c9af

          SHA512

          55afc59a7666c99e683b2e2efeb49c2337c2a2d22cff45e7fb59b4708f0a669353a036677225e301dfc6e0933075784d69d27d952b95a4b772599cc93c628959

          Download Submit

        • memory/3432-13-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3432-16-0x00000000019E0000-0x0000000001AA4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3432-14-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3432-20-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3432-21-0x00000000053D0000-0x0000000005563000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3432-30-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3508-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3508-1-0x00000000018F0000-0x00000000019B4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3508-2-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3508-12-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download