xmrig | 85852fc9599b610cee677da39dfd0b1a4deeb42fa2745946fd13d3df446465c0

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ebe1bd60547fa219e4e26340c693fa.exe
Size

784KB
MD5

61ebe1bd60547fa219e4e26340c693fa
SHA1

9c60c08d52563dce569a1cbdf8468d506cb0c961
SHA256

85852fc9599b610cee677da39dfd0b1a4deeb42fa2745946fd13d3df446465c0
SHA512

7d3a31e0a62f1a4af9579bd02ff879875210d2a52d5d9ead8162e3d4516d39b32d8479f6f05f6f61232ff1813e777e7b88d591b02ea6e949edb64afa4ede388e
SSDEEP

12288:vi/P64iVF3tWhXL2DkHsYfbbrsOssoycl6q5mMvp7i2YtU06mEiz0b7DVBxC:KgKRsYfrsbN515mG2pSVk0HxB0

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2360-15-0x0000000003100000-0x0000000003412000-memory.dmp	xmrig
behavioral1/memory/2360-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2360-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1284-25-0x00000000030D0000-0x0000000003263000-memory.dmp	xmrig
behavioral1/memory/1284-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1284-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1284-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1284-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1284	61ebe1bd60547fa219e4e26340c693fa.exe

Executes dropped EXE 1 IoCs

pid	Process
1284	61ebe1bd60547fa219e4e26340c693fa.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	61ebe1bd60547fa219e4e26340c693fa.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c0000000122dc-10.dat	upx
behavioral1/memory/1284-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c0000000122dc-16.dat	upx
behavioral1/memory/2360-15-0x0000000003100000-0x0000000003412000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2360	61ebe1bd60547fa219e4e26340c693fa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2360	61ebe1bd60547fa219e4e26340c693fa.exe
1284	61ebe1bd60547fa219e4e26340c693fa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1284	2360	61ebe1bd60547fa219e4e26340c693fa.exe	29
PID 2360 wrote to memory of 1284	2360	61ebe1bd60547fa219e4e26340c693fa.exe	29
PID 2360 wrote to memory of 1284	2360	61ebe1bd60547fa219e4e26340c693fa.exe	29
PID 2360 wrote to memory of 1284	2360	61ebe1bd60547fa219e4e26340c693fa.exe	29

C:\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe
"C:\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe
  C:\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe

Filesize
136KB

MD5
258a7e522ffcc790089f4137419b6a97

SHA1
2df6d176b514d121854e68d59a2437403aaae204

SHA256
87c384882aedc8106f792128370ac2e9f6dfba2441ffb972721d10bb7ff18712

SHA512
b5db333bb8fbed68c08055b40af4e4407f1a374b896ca97478c51252e357d022a554123065aa9b90366ae1417a23ca7b5036f4a7bec189890d8120de9ecd9125

Download Submit
\Users\Admin\AppData\Local\Temp\61ebe1bd60547fa219e4e26340c693fa.exe

Filesize
203KB

MD5
8d21f3151fcbb06d5005375b9b6afd11

SHA1
ed2ae360a882ff4668f12e2f3bc15d4a8fc475e7

SHA256
f4c9c161292780613fd6cbdfaf0525e0d7d7fbaeca873a01e9b593618ba1f568

SHA512
880ffdf82d41ddf9771547a0f4e32aa8871a3e2d0a5f8fe6499bbe2acfe4f88e5d143e2af329e3f4ad0ec9fe627ea2ba69c1adf55dcc344e12c3fd3acd49184b

Download Submit
memory/1284-25-0x00000000030D0000-0x0000000003263000-memory.dmp

Filesize
1.6MB

Download
memory/1284-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1284-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1284-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1284-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1284-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1284-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2360-2-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2360-15-0x0000000003100000-0x0000000003412000-memory.dmp

Filesize
3.1MB

Download
memory/2360-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2360-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2360-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2360-36-0x0000000003100000-0x0000000003412000-memory.dmp

Filesize
3.1MB

Download