xmrig | b1d4db2148690168cbc9d05b0abb2f981378a05540e6853ce7edbab120d15a9e

Analysis

max time kernel
147s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fbe7673bb1e6fa318291eaa3c578a19.exe
Size

784KB
MD5

6fbe7673bb1e6fa318291eaa3c578a19
SHA1

e88b93936c80fefc15f3a1b060ca0c8d7e8a9f9a
SHA256

b1d4db2148690168cbc9d05b0abb2f981378a05540e6853ce7edbab120d15a9e
SHA512

4c99dde5569a2f9eac5e0106732d8f12ba5a7d04274bf0e7d170f47dd663e251a1527ca66dc84917a0a7948ad33967d0d7ffaa2ca7aa35248d971cd79fc26d5c
SSDEEP

24576:SZYh3MTc8Gd5sRx1sr79uaZ0vYo82oHeUi:SwMboox1srhuaOB8NG

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4332-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4332-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4996-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4996-20-0x0000000005390000-0x0000000005523000-memory.dmp	xmrig
behavioral2/memory/4996-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4996-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/4996-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4996	6fbe7673bb1e6fa318291eaa3c578a19.exe

Executes dropped EXE 1 IoCs

pid	Process
4996	6fbe7673bb1e6fa318291eaa3c578a19.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4332-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023242-11.dat	upx
behavioral2/memory/4996-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4332	6fbe7673bb1e6fa318291eaa3c578a19.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4332	6fbe7673bb1e6fa318291eaa3c578a19.exe
4996	6fbe7673bb1e6fa318291eaa3c578a19.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 4996	4332	6fbe7673bb1e6fa318291eaa3c578a19.exe	90
PID 4332 wrote to memory of 4996	4332	6fbe7673bb1e6fa318291eaa3c578a19.exe	90
PID 4332 wrote to memory of 4996	4332	6fbe7673bb1e6fa318291eaa3c578a19.exe	90

C:\Users\Admin\AppData\Local\Temp\6fbe7673bb1e6fa318291eaa3c578a19.exe
"C:\Users\Admin\AppData\Local\Temp\6fbe7673bb1e6fa318291eaa3c578a19.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Users\Admin\AppData\Local\Temp\6fbe7673bb1e6fa318291eaa3c578a19.exe
  C:\Users\Admin\AppData\Local\Temp\6fbe7673bb1e6fa318291eaa3c578a19.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6fbe7673bb1e6fa318291eaa3c578a19.exe

Filesize
740KB

MD5
a84faeb128604a23c6517c5c9ef98089

SHA1
497c08a73d2dd87a4a9d33e4511358b53cf20601

SHA256
7aef956465194fa72d99f147861afe217a1173e2b3c0dca57a5e7f997d5096a7

SHA512
6182c6b067077a359403750d28f379f0c5929bcfd38be8b5127e44135f850b771f900a5b048c6990537a5d334c79f83b7926115bc3aabf187c7ab67f43866493

Download Submit
memory/4332-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4332-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4332-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4332-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4996-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4996-14-0x0000000001B20000-0x0000000001BE4000-memory.dmp

Filesize
784KB

Download
memory/4996-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4996-20-0x0000000005390000-0x0000000005523000-memory.dmp

Filesize
1.6MB

Download
memory/4996-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4996-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4996-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download