xmrig | 53bfee5bc0fd1c6245c0b662898493f8cae790833d3413d7ad3804ed4f51e2cc

Analysis

max time kernel
139s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ada3bf8a0ccc74042e33fc2a8ed4113.exe
Size

784KB
MD5

8ada3bf8a0ccc74042e33fc2a8ed4113
SHA1

76c34d7a1ca20500a643758f6f5d87ceb66ab067
SHA256

53bfee5bc0fd1c6245c0b662898493f8cae790833d3413d7ad3804ed4f51e2cc
SHA512

d727864f931c2f04eebd7949e0d7304aac0d1c946062e8a38c888df94c67b206577d9448761011697a2ba689267f228b9b866b30ca5296f45514adae23ccd02b
SSDEEP

24576:QgXYSQ9OH1QjhPNBtRo1wwwsewPN74LS6R6Q:ZZWjtRZNc4L7

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4784-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4784-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4792-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4792-21-0x00000000053C0000-0x0000000005553000-memory.dmp	xmrig
behavioral2/memory/4792-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4792-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4792	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Executes dropped EXE 1 IoCs

pid	Process
4792	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4784-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0010000000023169-11.dat	upx
behavioral2/memory/4792-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4784	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4784	8ada3bf8a0ccc74042e33fc2a8ed4113.exe
4792	8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4792	4784	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	92
PID 4784 wrote to memory of 4792	4784	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	92
PID 4784 wrote to memory of 4792	4784	8ada3bf8a0ccc74042e33fc2a8ed4113.exe	92

C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
"C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
  C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8ada3bf8a0ccc74042e33fc2a8ed4113.exe

Filesize
322KB

MD5
91c0abe99e1196a8dfe9003fbb826340

SHA1
8990b05f678d729d8ff612c590bda1ba420c371c

SHA256
bf7014c964db7c5a9dff1a8b126268a545ed6bb9b8dc1381cc097a4942f4209a

SHA512
e76e92e53562382b9100011447c4ed47cc49f822b8e30a543e15ec30796128b4e29cc8233962b0fba64f65cc36524952b40a540614418e2dfa610eff7db51dd5

Download Submit
memory/4784-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4784-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4784-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4784-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4792-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4792-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4792-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4792-21-0x00000000053C0000-0x0000000005553000-memory.dmp

Filesize
1.6MB

Download
memory/4792-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4792-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download