xmrig | 0fdb3a6f0d16d158ee1b440c32dcfa5d2a0b4c5334593041513af74140cae167

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2023 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3081318715a1b92b2e3ef4bbee6dd21b.exe
Size

784KB
MD5

3081318715a1b92b2e3ef4bbee6dd21b
SHA1

dcf6b0f97c8a9912d18d03ff72cc37f50b2a315a
SHA256

0fdb3a6f0d16d158ee1b440c32dcfa5d2a0b4c5334593041513af74140cae167
SHA512

eb73b6fdc2fe0d2628f6468b23530be3563a1749a85bf4c6d1a5925bec2c8b9e1336d679dfb8389cd8d2311aa194137aa0061177508fca5ff1b58d0b8b480e95
SSDEEP

24576:irnlxnqjiosIKK6cv7grMelkS/l6iM9mPS2oJvW:irrqO1I+q8QeJ6jmKdJvW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1664-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1664-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2584-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2584-21-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/2584-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2584-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2584	3081318715a1b92b2e3ef4bbee6dd21b.exe

Executes dropped EXE 1 IoCs

pid	Process
2584	3081318715a1b92b2e3ef4bbee6dd21b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1664-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023039-11.dat	upx
behavioral2/memory/2584-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1664	3081318715a1b92b2e3ef4bbee6dd21b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1664	3081318715a1b92b2e3ef4bbee6dd21b.exe
2584	3081318715a1b92b2e3ef4bbee6dd21b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2584	1664	3081318715a1b92b2e3ef4bbee6dd21b.exe	91
PID 1664 wrote to memory of 2584	1664	3081318715a1b92b2e3ef4bbee6dd21b.exe	91
PID 1664 wrote to memory of 2584	1664	3081318715a1b92b2e3ef4bbee6dd21b.exe	91

C:\Users\Admin\AppData\Local\Temp\3081318715a1b92b2e3ef4bbee6dd21b.exe
"C:\Users\Admin\AppData\Local\Temp\3081318715a1b92b2e3ef4bbee6dd21b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\3081318715a1b92b2e3ef4bbee6dd21b.exe
  C:\Users\Admin\AppData\Local\Temp\3081318715a1b92b2e3ef4bbee6dd21b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3081318715a1b92b2e3ef4bbee6dd21b.exe

Filesize
784KB

MD5
a0dc83d981d88df2b4bc0688c0717deb

SHA1
c4d22a043debd1feebecc0d34ffd976e7a3faaee

SHA256
f3c34fe24cf87a7d1974de4bd9230006f207fa05700a7f3e8635374b8fcd5d39

SHA512
eaa4921d28875b9ba62a2a7176729b777131310565fe7e0dfaea0252b5611c87b78a48773e6360e8bb61fb18d5d08ffadbd750ba835fd7ead6ccc180f54150fb

Download Submit
memory/1664-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1664-1-0x0000000001A00000-0x0000000001AC4000-memory.dmp

Filesize
784KB

Download
memory/1664-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1664-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2584-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2584-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2584-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2584-21-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/2584-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2584-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download