xmrig | 9e2057736451b4e62d3e4cdf081440903b482a1329b7e9b0b73f97e8ae37ebf8

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

162021c82a2eb081e4f420e827d3e3f5.exe
Size

1.5MB
MD5

162021c82a2eb081e4f420e827d3e3f5
SHA1

133f9375b4d313ab83525ae1c68d065e2f1551cd
SHA256

9e2057736451b4e62d3e4cdf081440903b482a1329b7e9b0b73f97e8ae37ebf8
SHA512

13e039600e96a99264af22fdde3c124d96c845c2522e60526ec424a436e2e3004ffd2952a1243477477951cc43f378ed8384d11e00bf7c23d246e0321f539033
SSDEEP

49152:Gk8TioeCLQLqpX/gfOHUfTTEdWSh4VSSGJT:KfY4X/gfOHoCu4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4984-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4984-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2784-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2784-23-0x00000000053B0000-0x0000000005543000-memory.dmp	xmrig
behavioral2/memory/2784-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2784-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2784	162021c82a2eb081e4f420e827d3e3f5.exe

Executes dropped EXE 1 IoCs

pid	Process
2784	162021c82a2eb081e4f420e827d3e3f5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4984-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000f00000002315a-12.dat	upx
behavioral2/memory/2784-14-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4984	162021c82a2eb081e4f420e827d3e3f5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4984	162021c82a2eb081e4f420e827d3e3f5.exe
2784	162021c82a2eb081e4f420e827d3e3f5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 2784	4984	162021c82a2eb081e4f420e827d3e3f5.exe	89
PID 4984 wrote to memory of 2784	4984	162021c82a2eb081e4f420e827d3e3f5.exe	89
PID 4984 wrote to memory of 2784	4984	162021c82a2eb081e4f420e827d3e3f5.exe	89

C:\Users\Admin\AppData\Local\Temp\162021c82a2eb081e4f420e827d3e3f5.exe
"C:\Users\Admin\AppData\Local\Temp\162021c82a2eb081e4f420e827d3e3f5.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Users\Admin\AppData\Local\Temp\162021c82a2eb081e4f420e827d3e3f5.exe
  C:\Users\Admin\AppData\Local\Temp\162021c82a2eb081e4f420e827d3e3f5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\162021c82a2eb081e4f420e827d3e3f5.exe

Filesize
784KB

MD5
e642016609177c7a33072a03fa9b781e

SHA1
270ba75a98c89b7e4aa04226974f14fde77a5100

SHA256
64db983b0479957da1355061f865369e7bcae0b26f6c78eb2ec26b65f7422f3c

SHA512
90bd5d83b9afc6296fc5ad553e94eb973536bd03480fa5d31f07999e294a9c9b241cd09c8f048bab20d4de5bad267737d62b3316262176e836552497393f16b9

Download Submit
memory/2784-14-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2784-17-0x00000000019C0000-0x0000000001A84000-memory.dmp

Filesize
784KB

Download
memory/2784-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2784-23-0x00000000053B0000-0x0000000005543000-memory.dmp

Filesize
1.6MB

Download
memory/2784-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2784-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4984-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4984-1-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/4984-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4984-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download