xmrig | 3228e12ac3b39c6f1f2ae1bb4cd420e3ce86e1986f20a8015bf7988641960288

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16590226429e81d9fbe5cf15056d756f.exe
Size

784KB
MD5

16590226429e81d9fbe5cf15056d756f
SHA1

72d2c8415fa5abecef2a0d8820a295c14aeabcd2
SHA256

3228e12ac3b39c6f1f2ae1bb4cd420e3ce86e1986f20a8015bf7988641960288
SHA512

07d691fab5caabeaa9c9945c9c74dfa3b2d30ee577b67b85ee64d0b2edac05717f4db80fc8e3ced8ba32a67725801867a6bb6c9721556ae9d24e1a234b419967
SSDEEP

24576:YEDwh2FQb/tlHgczmLLuDOuU4qe8eq9tzhhUZ:RUUFQrtFgAm/W73qXRzhhU

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/1236-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1236-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2524-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2524-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2524-20-0x0000000005350000-0x00000000054E3000-memory.dmp	xmrig
behavioral2/memory/2524-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/2524-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2524	16590226429e81d9fbe5cf15056d756f.exe

Executes dropped EXE 1 IoCs

pid	Process
2524	16590226429e81d9fbe5cf15056d756f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1236-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000001e712-11.dat	upx
behavioral2/memory/2524-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1236	16590226429e81d9fbe5cf15056d756f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1236	16590226429e81d9fbe5cf15056d756f.exe
2524	16590226429e81d9fbe5cf15056d756f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2524	1236	16590226429e81d9fbe5cf15056d756f.exe	90
PID 1236 wrote to memory of 2524	1236	16590226429e81d9fbe5cf15056d756f.exe	90
PID 1236 wrote to memory of 2524	1236	16590226429e81d9fbe5cf15056d756f.exe	90

C:\Users\Admin\AppData\Local\Temp\16590226429e81d9fbe5cf15056d756f.exe
"C:\Users\Admin\AppData\Local\Temp\16590226429e81d9fbe5cf15056d756f.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Users\Admin\AppData\Local\Temp\16590226429e81d9fbe5cf15056d756f.exe
  C:\Users\Admin\AppData\Local\Temp\16590226429e81d9fbe5cf15056d756f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\16590226429e81d9fbe5cf15056d756f.exe

Filesize
784KB

MD5
4cddf6d7371fcb62544d25a2544a24e7

SHA1
ea9b5fa9140c0a9ee03a1bf1356763a8957aea27

SHA256
1b2366e80ef89bc97ffab9befc07fa34683e1d3faa3dbdacd6d6c8bf3745d1c0

SHA512
8f800ffd1de1b8bbb3be56bc8c4c6dfc5538ddf88c29c2cd1363cae9ff0059b35b71ece0ff648849abb0022e26b6474d1ebdbaab6e315e1a0a49edd9bfb9a3dd

Download Submit
memory/1236-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1236-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/1236-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1236-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2524-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2524-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2524-15-0x0000000001AE0000-0x0000000001BA4000-memory.dmp

Filesize
784KB

Download
memory/2524-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2524-20-0x0000000005350000-0x00000000054E3000-memory.dmp

Filesize
1.6MB

Download
memory/2524-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2524-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download