xmrig | 980800d67eab522709c308538d97188b2a089c610fbc8c394054ef174f7512d8

Analysis

max time kernel
146s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7179c749229f1e2e51765adf39041ccc.exe
Size

784KB
MD5

7179c749229f1e2e51765adf39041ccc
SHA1

1956683210086fa6cbd97f74eecfe8d9a9b5b877
SHA256

980800d67eab522709c308538d97188b2a089c610fbc8c394054ef174f7512d8
SHA512

027fbb6704f5fe6831db27f01391ffdc5bb12e4673eec1de487ff3997f4239c1ebd5d15e53b2d14352b5654f0305a272b747f1d4269eaf72e2606fbb33bb7867
SSDEEP

24576:q1EPlnFTD1kQbKUEsqS7guhWh0i9njh1fBa:qklntJkQOsqiWh0offBa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2292-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2292-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5752-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/5752-20-0x00000000054A0000-0x0000000005633000-memory.dmp	xmrig
behavioral2/memory/5752-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/5752-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
5752	7179c749229f1e2e51765adf39041ccc.exe

Executes dropped EXE 1 IoCs

pid	Process
5752	7179c749229f1e2e51765adf39041ccc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2292-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000c000000023151-11.dat	upx
behavioral2/memory/5752-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2292	7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2292	7179c749229f1e2e51765adf39041ccc.exe
5752	7179c749229f1e2e51765adf39041ccc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 5752	2292	7179c749229f1e2e51765adf39041ccc.exe	21
PID 2292 wrote to memory of 5752	2292	7179c749229f1e2e51765adf39041ccc.exe	21
PID 2292 wrote to memory of 5752	2292	7179c749229f1e2e51765adf39041ccc.exe	21

C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
"C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
  C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:5752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7179c749229f1e2e51765adf39041ccc.exe

Filesize
47KB

MD5
178b42674a8bfec037adb14b2f4135df

SHA1
37783c98abe6a31bf0f26aa778377ec5509f16e7

SHA256
9f2ef6d4b8cd6106725109d420f284179c2bc18f51550e2e2e7fdfb2924ff182

SHA512
4b9354b8dd47a0a4d592ecb12de3302c117e39c4a0062aab50b5aca6a3fd80ba7ed3fda13c21f469b9dae5caefe4a203cf8c5b92c03457a205f082fcef34d3cf

Download Submit
memory/2292-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2292-1-0x0000000001B00000-0x0000000001BC4000-memory.dmp

Filesize
784KB

Download
memory/2292-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2292-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5752-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/5752-14-0x0000000001AB0000-0x0000000001B74000-memory.dmp

Filesize
784KB

Download
memory/5752-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5752-20-0x00000000054A0000-0x0000000005633000-memory.dmp

Filesize
1.6MB

Download
memory/5752-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5752-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download