xmrig | 1936c501925f17712d2d40facf3f7450dcaf85de64c1028a2bfaa78fadb4f5ca

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 08:27

Target

7d396bd7d5a4008a1f84c5bfb76072b5.exe
Size

784KB
MD5

7d396bd7d5a4008a1f84c5bfb76072b5
SHA1

b73ca5b6df76314064c747e08a0f15c98cd07ba4
SHA256

1936c501925f17712d2d40facf3f7450dcaf85de64c1028a2bfaa78fadb4f5ca
SHA512

54048db5889a2d71c81b36448189a1861f30eb1b8a2e6286ad35d99e35ceb1a0847bc61f1abe4a0d6d4304da0eca11a080b1fec8ed1613441acaa8c0598ec892
SSDEEP

24576:Qm96fcoc+EY1KDlAoYivbaKKG1N2qhWS7yQK/BU:L96koTEY1Ka4vrjLWzQKZ

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1464-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1464-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3740-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3740-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3740-20-0x00000000053F0000-0x0000000005583000-memory.dmp	xmrig
behavioral2/memory/3740-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3740	7d396bd7d5a4008a1f84c5bfb76072b5.exe

Executes dropped EXE 1 IoCs

pid	Process
3740	7d396bd7d5a4008a1f84c5bfb76072b5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1464-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0009000000023127-11.dat	upx
behavioral2/memory/3740-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1464	7d396bd7d5a4008a1f84c5bfb76072b5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1464	7d396bd7d5a4008a1f84c5bfb76072b5.exe
3740	7d396bd7d5a4008a1f84c5bfb76072b5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 3740	1464	7d396bd7d5a4008a1f84c5bfb76072b5.exe	92
PID 1464 wrote to memory of 3740	1464	7d396bd7d5a4008a1f84c5bfb76072b5.exe	92
PID 1464 wrote to memory of 3740	1464	7d396bd7d5a4008a1f84c5bfb76072b5.exe	92

C:\Users\Admin\AppData\Local\Temp\7d396bd7d5a4008a1f84c5bfb76072b5.exe

Filesize
147KB

MD5
b0805931148a2b1f7b2e694752fb5461

SHA1
9d71a648f865252f7f53ccf1ef9474cfe0d029cf

SHA256
a41ddab1f4cdd384a38ffbe1d5bab96ce999553a227824e2850d593ad4ff7890

SHA512
af7b59856681054f8ee945b5fbe5a16171440f6d12ffeb819c8bf61629b09037aea214fd913640c6e786463e8eb63402ccbe820cf307bddc49b66e81b72349b8

Download Submit
memory/1464-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1464-1-0x0000000001A30000-0x0000000001AF4000-memory.dmp

Filesize
784KB

Download
memory/1464-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1464-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3740-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3740-16-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3740-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3740-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3740-20-0x00000000053F0000-0x0000000005583000-memory.dmp

Filesize
1.6MB

Download
memory/3740-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download