xmrig | 53bfee5bc0fd1c6245c0b662898493f8cae790833d3413d7ad3804ed4f51e2cc

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ada3bf8a0ccc74042e33fc2a8ed4113.exe
Size

784KB
MD5

8ada3bf8a0ccc74042e33fc2a8ed4113
SHA1

76c34d7a1ca20500a643758f6f5d87ceb66ab067
SHA256

53bfee5bc0fd1c6245c0b662898493f8cae790833d3413d7ad3804ed4f51e2cc
SHA512

d727864f931c2f04eebd7949e0d7304aac0d1c946062e8a38c888df94c67b206577d9448761011697a2ba689267f228b9b866b30ca5296f45514adae23ccd02b
SSDEEP

24576:QgXYSQ9OH1QjhPNBtRo1wwwsewPN74LS6R6Q:ZZWjtRZNc4L7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2108-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2108-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2852-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2852-24-0x0000000003090000-0x0000000003223000-memory.dmp	xmrig
behavioral1/memory/2852-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2852-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2852-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2852	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Executes dropped EXE 1 IoCs

pid	Process
2852	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Loads dropped DLL 1 IoCs

pid	Process
2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2108-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012243-16.dat	upx
behavioral1/memory/2108-15-0x0000000003120000-0x0000000003432000-memory.dmp	upx
behavioral1/memory/2852-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012243-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe
2852	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2852	2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	29
PID 2108 wrote to memory of 2852	2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	29
PID 2108 wrote to memory of 2852	2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	29
PID 2108 wrote to memory of 2852	2108	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	29

C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
"C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
  C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Filesize
784KB

MD5
b96d4659feb930814ec7c8dabf30c4cc

SHA1
b8beb17f901ebf4182d3ca27c01a970d068adbe1

SHA256
85b0b630e66e49d5a67db958b8570123e164ee8d3e9db72ae1fab44e71bed05e

SHA512
efa069cd8cb67c556e53316da869a9b217725b0c197aeb11e2db503293da1ebe68a9660dfd7c5cc755f66cfbebb86ed814e2c2348b38caad52fdd6b2b2732bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Filesize
384KB

MD5
f8ba54844307c2caf849ec165d9b2752

SHA1
fdc64c95358c761b1ea766a15b154c40361ec64f

SHA256
c25287888eb0d10d8d38640309c2b5875f8ab5c14bbe859851ae185ba1d456fa

SHA512
486add6c8794f75e51daa88de2fdbe3935368baf9d65120fdf3340685ab0e5015368659489f0013a70b15a23926ffe297b187e5798bd9ee9ae502971e3262125

Download Submit
memory/2108-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2108-3-0x00000000002C0000-0x0000000000384000-memory.dmp

Filesize
784KB

Download
memory/2108-15-0x0000000003120000-0x0000000003432000-memory.dmp

Filesize
3.1MB

Download
memory/2108-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2108-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2852-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2852-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2852-18-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2852-24-0x0000000003090000-0x0000000003223000-memory.dmp

Filesize
1.6MB

Download
memory/2852-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2852-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2852-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download