xmrig | 8d1f8dbe2a8cd2abaec66386ccb0cbff13d22a461f7b91c06ae82185f8bd23ab

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89b448b33ed862185a92421da6e15c25.exe
Size

784KB
MD5

89b448b33ed862185a92421da6e15c25
SHA1

2331d4e91f540666da1ac6666c61e3ee43b57231
SHA256

8d1f8dbe2a8cd2abaec66386ccb0cbff13d22a461f7b91c06ae82185f8bd23ab
SHA512

5f1717afd4a62d123a0fcfe52b4f6747f0af8c9b32573cf0eaa3b42c4a63d3c31147b11df6c0eca03ceb221988ae1aea78d82f167e7817792400183bae2015df
SSDEEP

12288:rYYZyVu/PRLxsQKhdmCpcvVrIW4H2qjYmUOgCNQAd6zFKGQw1ZTYHtuiO26VJ1xC:rYt4/PIQKgtz+pjYDCeM6hKliyJg1xd

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/2148-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2212-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2212-19-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2212-27-0x0000000003050000-0x00000000031E3000-memory.dmp	xmrig
behavioral1/memory/2212-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2212-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2212-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2148-16-0x0000000003230000-0x0000000003542000-memory.dmp	xmrig
behavioral1/memory/2148-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2212	89b448b33ed862185a92421da6e15c25.exe

Executes dropped EXE 1 IoCs

pid	Process
2212	89b448b33ed862185a92421da6e15c25.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	89b448b33ed862185a92421da6e15c25.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2148-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a00000001224e-10.dat	upx
behavioral1/files/0x000a00000001224e-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2148	89b448b33ed862185a92421da6e15c25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2148	89b448b33ed862185a92421da6e15c25.exe
2212	89b448b33ed862185a92421da6e15c25.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2212	2148	89b448b33ed862185a92421da6e15c25.exe	17
PID 2148 wrote to memory of 2212	2148	89b448b33ed862185a92421da6e15c25.exe	17
PID 2148 wrote to memory of 2212	2148	89b448b33ed862185a92421da6e15c25.exe	17
PID 2148 wrote to memory of 2212	2148	89b448b33ed862185a92421da6e15c25.exe	17

C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2212

C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
"C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe

Filesize
32KB

MD5
f190685db7cefd882632db12c97b5315

SHA1
84b666d649bc1839bfe9584fd2ad8055e039a12e

SHA256
1ec82bfded76413ff8654d0385924b07f55e767f3e2de2906d22e2591bdeb59e

SHA512
d08bcdd67884dfbb9cd7479a7b217aaae1094ab71ec50e03737e9f84aaa560e24b802bab3c1d048e74e25774db6ad21c238049a8a32ad0f22dcbde403f494cdb

Download Submit
\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe

Filesize
134KB

MD5
3d21d814c861591351a70a6dd158b29b

SHA1
13dcdf46a6570f0cde4290397a7931837f1a64c1

SHA256
11d573a8ab6d46ea2bcaa707bccadff383a7693601b4d55b46fcdb37a8e2e9da

SHA512
9dd141eb2a0cda6cd3d95ff44d6b8d60452956988f51c5b166db9f594416cf42c31e3c6191bbba75c15036a37c8a84c3a5f8c469f0fb5eaa444eb9922c75581e

Download Submit
memory/2148-16-0x0000000003230000-0x0000000003542000-memory.dmp

Filesize
3.1MB

Download
memory/2148-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2148-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2148-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2148-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2212-19-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2212-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2212-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2212-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2212-21-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2212-27-0x0000000003050000-0x00000000031E3000-memory.dmp

Filesize
1.6MB

Download
memory/2212-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download