xmrig | 02ccfff79b3bc65e225ccee27b0dcffe5692de38f052b889ecfe7d662c657cae

Analysis

max time kernel
90s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72ed04a82a525771600b0dbeb113cf4e.exe
Size

1.5MB
MD5

72ed04a82a525771600b0dbeb113cf4e
SHA1

cb75bfadac5f84a4f7ce1d6aaa672fc7406b4820
SHA256

02ccfff79b3bc65e225ccee27b0dcffe5692de38f052b889ecfe7d662c657cae
SHA512

979d5e3b931096e2e4bffb4fc559deebd75bab01ff8361dde60e957f73fceed12ad9aa15a9299d7bd6d7b5871c5c32ca2c6c374955ad51278a05f3a05d47c670
SSDEEP

24576:PAlU7j8ZWZzU0xl67Y47o72+/plQO1Xjna00fiZKHMrLHl49+tDWQXgx5GZH:PAZWZG17o7/p+cXjn7EHiLF4EtDz0

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4704-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1712-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1712-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1712-20-0x00000000053B0000-0x0000000005543000-memory.dmp	xmrig
behavioral2/memory/1712-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4704-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1712	72ed04a82a525771600b0dbeb113cf4e.exe

Executes dropped EXE 1 IoCs

pid	Process
1712	72ed04a82a525771600b0dbeb113cf4e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4704-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000c000000023170-11.dat	upx
behavioral2/memory/1712-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4704	72ed04a82a525771600b0dbeb113cf4e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4704	72ed04a82a525771600b0dbeb113cf4e.exe
1712	72ed04a82a525771600b0dbeb113cf4e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 1712	4704	72ed04a82a525771600b0dbeb113cf4e.exe	19
PID 4704 wrote to memory of 1712	4704	72ed04a82a525771600b0dbeb113cf4e.exe	19
PID 4704 wrote to memory of 1712	4704	72ed04a82a525771600b0dbeb113cf4e.exe	19

C:\Users\Admin\AppData\Local\Temp\72ed04a82a525771600b0dbeb113cf4e.exe
"C:\Users\Admin\AppData\Local\Temp\72ed04a82a525771600b0dbeb113cf4e.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Users\Admin\AppData\Local\Temp\72ed04a82a525771600b0dbeb113cf4e.exe
  C:\Users\Admin\AppData\Local\Temp\72ed04a82a525771600b0dbeb113cf4e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\72ed04a82a525771600b0dbeb113cf4e.exe

Filesize
31KB

MD5
63baab1fc13b3ea1fcf2442b38d95698

SHA1
a697471c05ea9d538ee3eac55bb88d6ef57a53eb

SHA256
bfedb04baf8742c593c2751d1dad5d4015e3f869e1394acd4af44346ad912f99

SHA512
e86c0b66c840b79701e44268389a5ebaf2b0ed8bed204918d32c850cd607cc8f71c1bd8a6e69afadc430d25dba5ce275c588d5da95e701476436f5fa061a334b

Download Submit
memory/1712-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1712-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1712-20-0x00000000053B0000-0x0000000005543000-memory.dmp

Filesize
1.6MB

Download
memory/1712-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1712-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1712-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4704-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4704-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4704-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4704-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download