xmrig | 8d1f8dbe2a8cd2abaec66386ccb0cbff13d22a461f7b91c06ae82185f8bd23ab

Analysis

max time kernel
148s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89b448b33ed862185a92421da6e15c25.exe
Size

784KB
MD5

89b448b33ed862185a92421da6e15c25
SHA1

2331d4e91f540666da1ac6666c61e3ee43b57231
SHA256

8d1f8dbe2a8cd2abaec66386ccb0cbff13d22a461f7b91c06ae82185f8bd23ab
SHA512

5f1717afd4a62d123a0fcfe52b4f6747f0af8c9b32573cf0eaa3b42c4a63d3c31147b11df6c0eca03ceb221988ae1aea78d82f167e7817792400183bae2015df
SSDEEP

12288:rYYZyVu/PRLxsQKhdmCpcvVrIW4H2qjYmUOgCNQAd6zFKGQw1ZTYHtuiO26VJ1xC:rYt4/PIQKgtz+pjYDCeM6hKliyJg1xd

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1724-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1724-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2372-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2372-22-0x0000000005440000-0x00000000055D3000-memory.dmp	xmrig
behavioral2/memory/2372-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2372-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2372	89b448b33ed862185a92421da6e15c25.exe

Executes dropped EXE 1 IoCs

pid	Process
2372	89b448b33ed862185a92421da6e15c25.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1724-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/2372-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00080000000231e6-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1724	89b448b33ed862185a92421da6e15c25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1724	89b448b33ed862185a92421da6e15c25.exe
2372	89b448b33ed862185a92421da6e15c25.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2372	1724	89b448b33ed862185a92421da6e15c25.exe	18
PID 1724 wrote to memory of 2372	1724	89b448b33ed862185a92421da6e15c25.exe	18
PID 1724 wrote to memory of 2372	1724	89b448b33ed862185a92421da6e15c25.exe	18

C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
"C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
  C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\89b448b33ed862185a92421da6e15c25.exe

Filesize
140KB

MD5
9f746426af2c885877c66f90712d965b

SHA1
b5b006dd16673423282df8c79d60bb26f5031fe6

SHA256
28d52449357c24e2085ebacc402616bb6ad62070f835411eec8647522be4d833

SHA512
6b4d967a0c6783dd5aa1c49aa3626d6542a15335a1e77cc3297062df946f0e2cac9706f6e3c5cbca9547bcf3bd18af8a50bd4f599092ba5b925979c3f3a541e7

Download Submit
memory/1724-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1724-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/1724-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1724-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2372-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2372-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2372-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2372-22-0x0000000005440000-0x00000000055D3000-memory.dmp

Filesize
1.6MB

Download
memory/2372-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2372-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download