xmrig | 980800d67eab522709c308538d97188b2a089c610fbc8c394054ef174f7512d8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7179c749229f1e2e51765adf39041ccc.exe
Size

784KB
MD5

7179c749229f1e2e51765adf39041ccc
SHA1

1956683210086fa6cbd97f74eecfe8d9a9b5b877
SHA256

980800d67eab522709c308538d97188b2a089c610fbc8c394054ef174f7512d8
SHA512

027fbb6704f5fe6831db27f01391ffdc5bb12e4673eec1de487ff3997f4239c1ebd5d15e53b2d14352b5654f0305a272b747f1d4269eaf72e2606fbb33bb7867
SSDEEP

24576:q1EPlnFTD1kQbKUEsqS7guhWh0i9njh1fBa:qklntJkQOsqiWh0offBa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/1060-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2912-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2912-19-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2912-25-0x0000000003060000-0x00000000031F3000-memory.dmp	xmrig
behavioral1/memory/2912-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2912-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2912-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1060-16-0x0000000003100000-0x0000000003412000-memory.dmp	xmrig
behavioral1/memory/1060-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2912	7179c749229f1e2e51765adf39041ccc.exe

Executes dropped EXE 1 IoCs

pid	Process
2912	7179c749229f1e2e51765adf39041ccc.exe

Loads dropped DLL 1 IoCs

pid	Process
1060	7179c749229f1e2e51765adf39041ccc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1060-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000d000000012246-10.dat	upx
behavioral1/files/0x000d000000012246-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1060	7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1060	7179c749229f1e2e51765adf39041ccc.exe
2912	7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2912	1060	7179c749229f1e2e51765adf39041ccc.exe	17
PID 1060 wrote to memory of 2912	1060	7179c749229f1e2e51765adf39041ccc.exe	17
PID 1060 wrote to memory of 2912	1060	7179c749229f1e2e51765adf39041ccc.exe	17
PID 1060 wrote to memory of 2912	1060	7179c749229f1e2e51765adf39041ccc.exe	17

C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
"C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
  C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe

Filesize
29KB

MD5
15472ddc4d187b9e0a4c52600649ed2d

SHA1
93805803974779bf7e9c593de14f4a40019489e5

SHA256
4207ac97bd17c3266758a54f24189a6f7a0552fb985836747aed416cca30f584

SHA512
c038adfdaddcf723c81de7792280bf2fe65922cf46b69871687bcf4c1d287d7cfe3e4fa15380614943b78495c22307f6f98981b77a5aedcd1e92618f997674ec

Download Submit
\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe

Filesize
1KB

MD5
da21e3cbbefce7d98545db6532341be3

SHA1
9536b148393c57638a284df27bcd5a0a7be8bf88

SHA256
8ea6eefdaf34d041a4abb81aee21e65a657a0cebb8db3bbc4532b99d86966d45

SHA512
cb473e19192d2abac9cd7c1965a29c5af55aea519937d528e4a38cc0466ef4b016dddaafc43b33f379303ab4dd32a985783e0db811ac7b22100a06bc1433bba3

Download Submit
memory/1060-16-0x0000000003100000-0x0000000003412000-memory.dmp

Filesize
3.1MB

Download
memory/1060-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1060-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1060-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1060-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2912-21-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2912-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2912-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2912-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2912-25-0x0000000003060000-0x00000000031F3000-memory.dmp

Filesize
1.6MB

Download
memory/2912-19-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2912-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download