xmrig | 036abd1dd8d2e4a4d7b421553406fb0a5637d908e9c49049a6ce7dd7328fd0d0

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66e36fa21ca1f15bc7c1141a45774b4c.exe
Size

784KB
MD5

66e36fa21ca1f15bc7c1141a45774b4c
SHA1

fbf5abfd17b963141fd65f31766335190f0001dc
SHA256

036abd1dd8d2e4a4d7b421553406fb0a5637d908e9c49049a6ce7dd7328fd0d0
SHA512

23ce12585135bf11b40fbd60176e864ff5feca38a4700edce5cae9641660c639b5f6e526b9079e62f3e2409c8fb049f08834b9e796a5c0483a590dd74c27fc02
SSDEEP

24576:LMi/zPC8v7QvxLC4bmWSh8okbEtCQ1yh2Ty:4CzPZv7Qu4bDSh8o8hQcWy

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4696-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4696-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1412-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1412-20-0x0000000005420000-0x00000000055B3000-memory.dmp	xmrig
behavioral2/memory/1412-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1412-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1412	66e36fa21ca1f15bc7c1141a45774b4c.exe

Executes dropped EXE 1 IoCs

pid	Process
1412	66e36fa21ca1f15bc7c1141a45774b4c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4696-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00080000000231e6-11.dat	upx
behavioral2/memory/1412-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4696	66e36fa21ca1f15bc7c1141a45774b4c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4696	66e36fa21ca1f15bc7c1141a45774b4c.exe
1412	66e36fa21ca1f15bc7c1141a45774b4c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 1412	4696	66e36fa21ca1f15bc7c1141a45774b4c.exe	61
PID 4696 wrote to memory of 1412	4696	66e36fa21ca1f15bc7c1141a45774b4c.exe	61
PID 4696 wrote to memory of 1412	4696	66e36fa21ca1f15bc7c1141a45774b4c.exe	61

C:\Users\Admin\AppData\Local\Temp\66e36fa21ca1f15bc7c1141a45774b4c.exe
"C:\Users\Admin\AppData\Local\Temp\66e36fa21ca1f15bc7c1141a45774b4c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Users\Admin\AppData\Local\Temp\66e36fa21ca1f15bc7c1141a45774b4c.exe
  C:\Users\Admin\AppData\Local\Temp\66e36fa21ca1f15bc7c1141a45774b4c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\66e36fa21ca1f15bc7c1141a45774b4c.exe

Filesize
304KB

MD5
fed4637e13dabf2c5fed0ac0ef513c42

SHA1
08fff97d851493a60668ae5a5df094c2c6d1e25f

SHA256
a7bc541ccadde7f1b01b2080e0dd23e88c84c4d67bba533ba8b71db0ff132c20

SHA512
9e2cdc1312a249b9ed978c88b01498ae19e7c9b86ec1cfd188e09b3496792ee8359515804b323bbc503adc4e0f2d7e20d39dbc9b78573ba4a711c874466b93ec

Download Submit
memory/1412-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1412-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1412-16-0x0000000001A30000-0x0000000001AF4000-memory.dmp

Filesize
784KB

Download
memory/1412-20-0x0000000005420000-0x00000000055B3000-memory.dmp

Filesize
1.6MB

Download
memory/1412-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1412-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4696-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4696-1-0x0000000001910000-0x00000000019D4000-memory.dmp

Filesize
784KB

Download
memory/4696-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4696-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download