xmrig | 96d4e9b4ef592895ccbcb74a239c301215fb75da2e05937c5f949b7745f63f54

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55a7f0fd828c6830dab29e550a1c1a65.exe
Size

784KB
MD5

55a7f0fd828c6830dab29e550a1c1a65
SHA1

c654061e62c440ea4be6eb83d34bf4177472b931
SHA256

96d4e9b4ef592895ccbcb74a239c301215fb75da2e05937c5f949b7745f63f54
SHA512

6b7f545c789f7cc199c35601fe457d9c0d516c50f12e1b8b2164eb99313a1fd9fea7efc59a04c71cbd786ff55b663f39a0dbe0e82c26f6975d796ee3da9af975
SSDEEP

12288:zhZx6lK+ncSvk6lMl5SGo0MyTq5k+hmUPExtGVh0o+3Lt/wQF0e0kLgE6ekwZNRg:zd4K+h5lMWGoX5kGL3MpjRLgEpNtg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4012-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4692-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4692-20-0x0000000005370000-0x0000000005503000-memory.dmp	xmrig
behavioral2/memory/4692-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4692-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4012-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4692	55a7f0fd828c6830dab29e550a1c1a65.exe

Executes dropped EXE 1 IoCs

pid	Process
4692	55a7f0fd828c6830dab29e550a1c1a65.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4012-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000d00000002311e-11.dat	upx
behavioral2/memory/4692-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4012	55a7f0fd828c6830dab29e550a1c1a65.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4012	55a7f0fd828c6830dab29e550a1c1a65.exe
4692	55a7f0fd828c6830dab29e550a1c1a65.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 4692	4012	55a7f0fd828c6830dab29e550a1c1a65.exe	25
PID 4012 wrote to memory of 4692	4012	55a7f0fd828c6830dab29e550a1c1a65.exe	25
PID 4012 wrote to memory of 4692	4012	55a7f0fd828c6830dab29e550a1c1a65.exe	25

C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
"C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
  C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\55a7f0fd828c6830dab29e550a1c1a65.exe

Filesize
12KB

MD5
96fd0f4d62b8f4e6ee75a338602d36b8

SHA1
b084de56d57c23494adb3b4255a4acd3eeebdad6

SHA256
5e0eb66f4e0097fe9135c21c12bf255e178f34c6f58ce960e6227d276fc2a600

SHA512
353315163b82316133d49e892397d5bfbf0305476318924262c903e3f12ffc7c2ff8e69e23179076cf95bd3859c2bbcc8d9a2b30556be077f0c7bdcaaeecb24a

Download Submit
memory/4012-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4012-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4012-1-0x0000000001AD0000-0x0000000001B94000-memory.dmp

Filesize
784KB

Download
memory/4012-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4692-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4692-15-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/4692-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4692-20-0x0000000005370000-0x0000000005503000-memory.dmp

Filesize
1.6MB

Download
memory/4692-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4692-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download