xmrig | 3b8c768fbd1a3dfe3bbd9d2915bfc2edb6ce051e752f1b18b5ef78747c4c2b5a

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57a27ed37192c5bb79d046230cecb937.exe
Size

784KB
MD5

57a27ed37192c5bb79d046230cecb937
SHA1

5aac1822e73a00405ad8faa34884a0fc056ed366
SHA256

3b8c768fbd1a3dfe3bbd9d2915bfc2edb6ce051e752f1b18b5ef78747c4c2b5a
SHA512

a2809d7ef2170fd1ac559f0d0373eb8c14c29c7b49c10289bd260ab2f31c5aac0cee5160f375402d8c3969b00c39f4de40334a8ba08831e1631ac70b8c7a7294
SSDEEP

24576:Pf5JIPi23Mjnw0ffKBEuJdohVVo1Cr8f3p3c:TXnrwaVwCUm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2156-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2180-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2180-25-0x0000000003200000-0x0000000003393000-memory.dmp	xmrig
behavioral1/memory/2180-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2180-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2156-35-0x00000000030E0000-0x00000000033F2000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2180	57a27ed37192c5bb79d046230cecb937.exe

Executes dropped EXE 1 IoCs

pid	Process
2180	57a27ed37192c5bb79d046230cecb937.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	57a27ed37192c5bb79d046230cecb937.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx
behavioral1/files/0x000b000000012251-16.dat	upx
behavioral1/memory/2156-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx
behavioral1/memory/2180-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2156	57a27ed37192c5bb79d046230cecb937.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2156	57a27ed37192c5bb79d046230cecb937.exe
2180	57a27ed37192c5bb79d046230cecb937.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2180	2156	57a27ed37192c5bb79d046230cecb937.exe	29
PID 2156 wrote to memory of 2180	2156	57a27ed37192c5bb79d046230cecb937.exe	29
PID 2156 wrote to memory of 2180	2156	57a27ed37192c5bb79d046230cecb937.exe	29
PID 2156 wrote to memory of 2180	2156	57a27ed37192c5bb79d046230cecb937.exe	29

C:\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe
"C:\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe
  C:\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe

Filesize
302KB

MD5
1427657ab2633dbcf6ebde0aa0dc1234

SHA1
608368cf0d65b74ae0b477f90cad10179fd44d64

SHA256
d6e9f2971b306b8b9de865be8d4f1e38509d7ae97100c3b596cdb8c2c7a4631f

SHA512
c62a73ab78d4c9f168846775d49a7cf52c4a362e2371c2d6c2f2774e99067390e4dabb52733a28fb7db3ab09956fd0459a4e1e18e32b6d4073bec589d8f48925

Download Submit
\Users\Admin\AppData\Local\Temp\57a27ed37192c5bb79d046230cecb937.exe

Filesize
443KB

MD5
0dac89017b6d21d92a3dadc63c4cb5b1

SHA1
bb761afc63defd146d71ad7bbdfc5d54657d6f4d

SHA256
3c1ba1952bfbe9d7d834da01aff50f8107115a91bacd4e8be0c7a23e8bb650ed

SHA512
55eb3f5977f6990f1e5754ea2a2d5af65cd8d8c8d4ab4547efcdeaf2fa6114d168acc4824c64559fc74592ec26a8730ec5dc919ba1a538f998051d114c04f049

Download Submit
memory/2156-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2156-3-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2156-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2156-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2156-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2156-35-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2180-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2180-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2180-25-0x0000000003200000-0x0000000003393000-memory.dmp

Filesize
1.6MB

Download
memory/2180-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2180-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2180-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download