xmrig | c03545911e57ee7df6384b1051bf87c8e53e7657b4655487d72b02382afb6f50

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5db8357107ef9a7c787ee07575263fb0.exe
Size

784KB
MD5

5db8357107ef9a7c787ee07575263fb0
SHA1

31f764ceb08e747f3f7db02b947dabc43610497f
SHA256

c03545911e57ee7df6384b1051bf87c8e53e7657b4655487d72b02382afb6f50
SHA512

650c7546d2c05adfa964276da873c4de48cb770edd356fdc068a9be6bf8deb04a2fa2c3bd606ab59ea6b55dc4788d7c190da9692df0bc0a371897a1dc9d52b67
SSDEEP

24576:9LpgxRkYf+xxrzgOiQMAtwQxKeBIKhjPX/:1WvkYfKiQYQxKv6j

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2060-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2060-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2208-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2208-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2208-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2208-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2208	5db8357107ef9a7c787ee07575263fb0.exe

Executes dropped EXE 1 IoCs

pid	Process
2208	5db8357107ef9a7c787ee07575263fb0.exe

Loads dropped DLL 1 IoCs

pid	Process
2060	5db8357107ef9a7c787ee07575263fb0.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012327-10.dat	upx
behavioral1/memory/2060-15-0x00000000031B0000-0x00000000034C2000-memory.dmp	upx
behavioral1/files/0x000c000000012327-16.dat	upx
behavioral1/memory/2208-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2060	5db8357107ef9a7c787ee07575263fb0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2060	5db8357107ef9a7c787ee07575263fb0.exe
2208	5db8357107ef9a7c787ee07575263fb0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2208	2060	5db8357107ef9a7c787ee07575263fb0.exe	29
PID 2060 wrote to memory of 2208	2060	5db8357107ef9a7c787ee07575263fb0.exe	29
PID 2060 wrote to memory of 2208	2060	5db8357107ef9a7c787ee07575263fb0.exe	29
PID 2060 wrote to memory of 2208	2060	5db8357107ef9a7c787ee07575263fb0.exe	29

C:\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe
"C:\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe
  C:\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe

Filesize
61KB

MD5
762f55c81685049102606d2786b13de1

SHA1
b67c91030be2d593e842a24250738819dd2df416

SHA256
d85ae585de1cb8a982a12bebee16b56d19ac4d4705ff2593a9ae8a6e75343260

SHA512
9d021cc344dcc45cc7aa1759e9f5fa70d00cb1f61b92e4a72e1f6b61d5aabebb4806cd6c540245bbbedd8777d37f6c09ee7fe7bc9e3734ddd801b9963dc4ee19

Download Submit
\Users\Admin\AppData\Local\Temp\5db8357107ef9a7c787ee07575263fb0.exe

Filesize
123KB

MD5
812f6c796e3f2ee118390581914c2abe

SHA1
b3108dd5e03644734058cb95530ff38304346467

SHA256
7150b47f0e1df4f93f79cf17f920f7a021a0bd27969f9dddeb72261c08ef526c

SHA512
c649bcd58e05720047a699acc174f30fd6c96a88127974ca680b86bc669d726c389fa57bde1a131b25af66f39d6335452489ce79c1b2d917bb88aad08c5ad842

Download Submit
memory/2060-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2060-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2060-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2060-15-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/2060-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2208-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2208-18-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/2208-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2208-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2208-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2208-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download