xmrig | 091302a18e1bf85de2cdede03e15bb0c8f8ea01568a72745df2e0fabc5b74efd

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67b29069068075b7818ec84bf5382e9f.exe
Size

1.5MB
MD5

67b29069068075b7818ec84bf5382e9f
SHA1

c169882de30bc7e31a6b8c0454aa19eaa46ecf62
SHA256

091302a18e1bf85de2cdede03e15bb0c8f8ea01568a72745df2e0fabc5b74efd
SHA512

bad15bfef43137c2054c3407a488db890648e42406f70b28eb06886fcf62bc4e6e49270f86bfd893a18c899560663c04ec7a4861cc913d76cc1e655dd9505916
SSDEEP

24576:puoKwKdYObCAqkBktLtNsaFujWi+0YlfMg3xvWRUMn0Vj75CFtBrpBkS05i7XxVW:pujdYhmuWsHiHgdEKHMtrfd0k7XbWFt

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2296-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2296-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1952-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1952-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1952-25-0x00000000033D0000-0x0000000003563000-memory.dmp	xmrig
behavioral1/memory/1952-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1952-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1952	67b29069068075b7818ec84bf5382e9f.exe

Executes dropped EXE 1 IoCs

pid	Process
1952	67b29069068075b7818ec84bf5382e9f.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	67b29069068075b7818ec84bf5382e9f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000014439-10.dat	upx
behavioral1/files/0x000a000000014439-14.dat	upx
behavioral1/memory/1952-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2296	67b29069068075b7818ec84bf5382e9f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2296	67b29069068075b7818ec84bf5382e9f.exe
1952	67b29069068075b7818ec84bf5382e9f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1952	2296	67b29069068075b7818ec84bf5382e9f.exe	25
PID 2296 wrote to memory of 1952	2296	67b29069068075b7818ec84bf5382e9f.exe	25
PID 2296 wrote to memory of 1952	2296	67b29069068075b7818ec84bf5382e9f.exe	25
PID 2296 wrote to memory of 1952	2296	67b29069068075b7818ec84bf5382e9f.exe	25

C:\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe
"C:\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe
  C:\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe

Filesize
282KB

MD5
19ca040b2f290a08f2f304d54caa7236

SHA1
deb84806a9ecbe81399053aa906e4c993a44afb3

SHA256
6484058660efd7643a76cc2466eb7ac70bb786df607406c69832c827bed02d04

SHA512
772f3a9efbf47a35182551d59e8ef6eaef5b3786be9c52a5dfeaab18aebc1582c24ebb0785015b416033f0c71b1b9a6308180119778331183cea5f8f14881155

Download Submit
\Users\Admin\AppData\Local\Temp\67b29069068075b7818ec84bf5382e9f.exe

Filesize
310KB

MD5
f407623fd3ba4249b2ff8afe8f96ba25

SHA1
dd162df659265813a839ee084b7993dd3aea2ac6

SHA256
f4dfaf16118b4d76e336f1a2b2e0f20d0640ba026d4293ebf7b4319727514ac2

SHA512
4ace5baf878bf0995402cb1ad57145123cd9bae393149ff3081daaeebd9bc16a871d8fc8cb8992738fcb556d66dd1e593d66fb29095abc37f20510bbc5b0cd95

Download Submit
memory/1952-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1952-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1952-20-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1952-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1952-25-0x00000000033D0000-0x0000000003563000-memory.dmp

Filesize
1.6MB

Download
memory/1952-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1952-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2296-4-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2296-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2296-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2296-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download