xmrig | 4ad8c7e5d371a1cdea15c7b391a72cdb057e1d3da359485bdbaec448d8cbdbc4

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

583b8f0ea1a3ee08292ee00e0e6df22e.exe
Size

784KB
MD5

583b8f0ea1a3ee08292ee00e0e6df22e
SHA1

41b94c48d39ba69b1946175dd365d0aa47d064cb
SHA256

4ad8c7e5d371a1cdea15c7b391a72cdb057e1d3da359485bdbaec448d8cbdbc4
SHA512

2fa81a41fd4943c98fac896f0edc26564bb3dc51eee243f9d100479b41b784bd899de8557f3fa3ccd548b5073effd7b7a8a00d0e015b1926bbe10e6785c5413e
SSDEEP

24576:SO5IX+/9LehWuN4fuCkJ6wstiQFsFiWn4Xr:SO5b9LePN4fS68iWn47

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2180-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4588-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2180-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4588-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4588-20-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/4588-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4588	583b8f0ea1a3ee08292ee00e0e6df22e.exe

Executes dropped EXE 1 IoCs

pid	Process
4588	583b8f0ea1a3ee08292ee00e0e6df22e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2180-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000c000000023200-11.dat	upx
behavioral2/memory/4588-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	583b8f0ea1a3ee08292ee00e0e6df22e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	583b8f0ea1a3ee08292ee00e0e6df22e.exe
4588	583b8f0ea1a3ee08292ee00e0e6df22e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 4588	2180	583b8f0ea1a3ee08292ee00e0e6df22e.exe	92
PID 2180 wrote to memory of 4588	2180	583b8f0ea1a3ee08292ee00e0e6df22e.exe	92
PID 2180 wrote to memory of 4588	2180	583b8f0ea1a3ee08292ee00e0e6df22e.exe	92

C:\Users\Admin\AppData\Local\Temp\583b8f0ea1a3ee08292ee00e0e6df22e.exe
"C:\Users\Admin\AppData\Local\Temp\583b8f0ea1a3ee08292ee00e0e6df22e.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\583b8f0ea1a3ee08292ee00e0e6df22e.exe
  C:\Users\Admin\AppData\Local\Temp\583b8f0ea1a3ee08292ee00e0e6df22e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\583b8f0ea1a3ee08292ee00e0e6df22e.exe

Filesize
79KB

MD5
e31303d81c744c59e2b2f10adb564f72

SHA1
b4b72b6053106ecbc3e1de78b87d96f07a6297d1

SHA256
1e353273cb8b6c33acb93d27f137e8cd3fd945e717c1a31e04c4e5b81f399fdb

SHA512
57cb5f8aa04688fbe8149a174f792168f94fcd56520c1dafdad96f70ea9bd79d86893828e8c4d6548d3ab378688d04b2ee796223b308fb081537be22e97f113c

Download Submit
memory/2180-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2180-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2180-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2180-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4588-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4588-16-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4588-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4588-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4588-20-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/4588-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download