xmrig | 96d4e9b4ef592895ccbcb74a239c301215fb75da2e05937c5f949b7745f63f54

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55a7f0fd828c6830dab29e550a1c1a65.exe
Size

784KB
MD5

55a7f0fd828c6830dab29e550a1c1a65
SHA1

c654061e62c440ea4be6eb83d34bf4177472b931
SHA256

96d4e9b4ef592895ccbcb74a239c301215fb75da2e05937c5f949b7745f63f54
SHA512

6b7f545c789f7cc199c35601fe457d9c0d516c50f12e1b8b2164eb99313a1fd9fea7efc59a04c71cbd786ff55b663f39a0dbe0e82c26f6975d796ee3da9af975
SSDEEP

12288:zhZx6lK+ncSvk6lMl5SGo0MyTq5k+hmUPExtGVh0o+3Lt/wQF0e0kLgE6ekwZNRg:zd4K+h5lMWGoX5kGL3MpjRLgEpNtg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/2112-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2036-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2036-18-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2112-16-0x0000000003250000-0x0000000003562000-memory.dmp	xmrig
behavioral1/memory/2112-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2036-25-0x0000000003230000-0x00000000033C3000-memory.dmp	xmrig
behavioral1/memory/2036-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2036-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2036-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2036	55a7f0fd828c6830dab29e550a1c1a65.exe

Executes dropped EXE 1 IoCs

pid	Process
2036	55a7f0fd828c6830dab29e550a1c1a65.exe

Loads dropped DLL 1 IoCs

pid	Process
2112	55a7f0fd828c6830dab29e550a1c1a65.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012242-10.dat	upx
behavioral1/files/0x000c000000012242-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2112	55a7f0fd828c6830dab29e550a1c1a65.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2112	55a7f0fd828c6830dab29e550a1c1a65.exe
2036	55a7f0fd828c6830dab29e550a1c1a65.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2036	2112	55a7f0fd828c6830dab29e550a1c1a65.exe	16
PID 2112 wrote to memory of 2036	2112	55a7f0fd828c6830dab29e550a1c1a65.exe	16
PID 2112 wrote to memory of 2036	2112	55a7f0fd828c6830dab29e550a1c1a65.exe	16
PID 2112 wrote to memory of 2036	2112	55a7f0fd828c6830dab29e550a1c1a65.exe	16

C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
"C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
  C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe

Filesize
120KB

MD5
91be0aa41928a29502134f9bd6be42d5

SHA1
70d02f062d545dae8554c0f12d7c90c252b8975e

SHA256
c2e7ec5ee23962723bf2752ec5abffd45310f2c229bd5db3aa7c23594751bba7

SHA512
4aaf4fdff85087adf57b69882fa2aa0da35df86cabd9149e7d6cc56ef7a7aa42105fd3b0f840e5929a462433e2c8907b63ec8a3d55e23d5219e73500956e6bf6

Download Submit
\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe

Filesize
111KB

MD5
ab7a6d5598034014e49e3409b89020ad

SHA1
4fd99049a43b7f2dbdf92a5e642cf298d0d33c93

SHA256
85c451252c2f58da6271fc59b18d44e80a5f17848c69a156707f1e84198217f2

SHA512
ec44fbeaac6dc805f744eedab010cd332f02f78e957691425a0713febf50d913a7cd3bd86a29b3936bb665a1b84a9997b33d5dde10e965ee29f05b6994d63840

Download Submit
memory/2036-25-0x0000000003230000-0x00000000033C3000-memory.dmp

Filesize
1.6MB

Download
memory/2036-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2036-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2036-21-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2036-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2036-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2036-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2112-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2112-16-0x0000000003250000-0x0000000003562000-memory.dmp

Filesize
3.1MB

Download
memory/2112-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2112-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2112-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download