xmrig | 713be6d900c555cbd5b338109ea64d99aa2801b9ec51646c73eeeeb74145d61b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aa37ab18bc6dcfb45b32b7047097884.exe
Size

784KB
MD5

0aa37ab18bc6dcfb45b32b7047097884
SHA1

6acbd188621580c44fa96ebc03b1a67a8c914163
SHA256

713be6d900c555cbd5b338109ea64d99aa2801b9ec51646c73eeeeb74145d61b
SHA512

eb6748d3d207d004719694bf46dbab8def1d256609677a66a688435cef10e304b30482ee5a0a9b2d774efca300c3ff2b31c6bcaf95212dbe784b92f4fc531c66
SSDEEP

24576:r9kq38MC1m7G+2+sw+MS0NsA1Umazx7v7:rM1mgbnM5scUFzlv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1724-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1724-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2856-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2856-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2856-25-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2856-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2856	0aa37ab18bc6dcfb45b32b7047097884.exe

Executes dropped EXE 1 IoCs

pid	Process
2856	0aa37ab18bc6dcfb45b32b7047097884.exe

Loads dropped DLL 1 IoCs

pid	Process
1724	0aa37ab18bc6dcfb45b32b7047097884.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/memory/1724-15-0x0000000003230000-0x0000000003542000-memory.dmp	upx
behavioral1/memory/2856-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1724	0aa37ab18bc6dcfb45b32b7047097884.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1724	0aa37ab18bc6dcfb45b32b7047097884.exe
2856	0aa37ab18bc6dcfb45b32b7047097884.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2856	1724	0aa37ab18bc6dcfb45b32b7047097884.exe	29
PID 1724 wrote to memory of 2856	1724	0aa37ab18bc6dcfb45b32b7047097884.exe	29
PID 1724 wrote to memory of 2856	1724	0aa37ab18bc6dcfb45b32b7047097884.exe	29
PID 1724 wrote to memory of 2856	1724	0aa37ab18bc6dcfb45b32b7047097884.exe	29

C:\Users\Admin\AppData\Local\Temp\0aa37ab18bc6dcfb45b32b7047097884.exe
"C:\Users\Admin\AppData\Local\Temp\0aa37ab18bc6dcfb45b32b7047097884.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\0aa37ab18bc6dcfb45b32b7047097884.exe
  C:\Users\Admin\AppData\Local\Temp\0aa37ab18bc6dcfb45b32b7047097884.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\0aa37ab18bc6dcfb45b32b7047097884.exe

Filesize
784KB

MD5
3f962cb8ce7ce5f37fa59a70b38d7bef

SHA1
72355ecc129a0e8fd24237cac5b6d08d42870e50

SHA256
33e48e4ebbd2e4fd4d59c0b68f7728acd3e8732d9cbda5bbd13e494c6444643d

SHA512
5196df8920a9be33ee22183fe5034624188c0f8b4b963258b35906e0f16f33f25b836b5b00cc52529ac58ac0a75a604dbe75054ba52ead20524b4c69dd3df02d

Download Submit
memory/1724-35-0x0000000003230000-0x0000000003542000-memory.dmp

Filesize
3.1MB

Download
memory/1724-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1724-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1724-15-0x0000000003230000-0x0000000003542000-memory.dmp

Filesize
3.1MB

Download
memory/1724-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1724-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2856-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2856-19-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2856-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2856-25-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2856-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2856-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download