xmrig | a6a0afb3f7756286d4ace9040894039e0dc87dfe1f3e9deb84b8901f4da3b9f3

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94e4a0185d4ab41db135c3c5435b8ea6.exe
Size

2.3MB
MD5

94e4a0185d4ab41db135c3c5435b8ea6
SHA1

2ab9ac558eaff55e14eaeb49de1c6625c17dfb08
SHA256

a6a0afb3f7756286d4ace9040894039e0dc87dfe1f3e9deb84b8901f4da3b9f3
SHA512

1e7f6679780d4e8ca6a28de55f79346045ab07d4091006f4fb174d4e8940773015153477dfc64880dbb383a933b5a04e7910b272445dfc72f402e906f5a78fdd
SSDEEP

49152:uipvm0NzgezTX7KVFY7Vap82mA+vbnYsRw/EJ1EGuP:uKzgeHX+Le4Ks+jY5cxu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/3260-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3260-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4308-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4308-21-0x0000000005300000-0x0000000005493000-memory.dmp	xmrig
behavioral2/memory/4308-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4308-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4308-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4308	94e4a0185d4ab41db135c3c5435b8ea6.exe

Executes dropped EXE 1 IoCs

pid	Process
4308	94e4a0185d4ab41db135c3c5435b8ea6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3260-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/4308-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023230-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3260	94e4a0185d4ab41db135c3c5435b8ea6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3260	94e4a0185d4ab41db135c3c5435b8ea6.exe
4308	94e4a0185d4ab41db135c3c5435b8ea6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 4308	3260	94e4a0185d4ab41db135c3c5435b8ea6.exe	23
PID 3260 wrote to memory of 4308	3260	94e4a0185d4ab41db135c3c5435b8ea6.exe	23
PID 3260 wrote to memory of 4308	3260	94e4a0185d4ab41db135c3c5435b8ea6.exe	23

C:\Users\Admin\AppData\Local\Temp\94e4a0185d4ab41db135c3c5435b8ea6.exe
"C:\Users\Admin\AppData\Local\Temp\94e4a0185d4ab41db135c3c5435b8ea6.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Users\Admin\AppData\Local\Temp\94e4a0185d4ab41db135c3c5435b8ea6.exe
  C:\Users\Admin\AppData\Local\Temp\94e4a0185d4ab41db135c3c5435b8ea6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\94e4a0185d4ab41db135c3c5435b8ea6.exe

Filesize
143KB

MD5
55c0f9a347daae47604f64f3f109762a

SHA1
afead1b0170adbd8410f2b2a8fb5ddea81269780

SHA256
668a1472ce2aa387064045cdf68841118752701bd85ba500505139f77a5c5846

SHA512
83f3714cb4bdfc42839580ca6abc10c6bae0a57bf66b37e878b6dd03ca4eec3343fe09fd0fe3613190b9fa991bf27fb5bf2a87a05723550b0776a7ef622c1ed8

Download Submit
memory/3260-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3260-1-0x0000000001A60000-0x0000000001B24000-memory.dmp

Filesize
784KB

Download
memory/3260-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3260-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4308-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4308-21-0x0000000005300000-0x0000000005493000-memory.dmp

Filesize
1.6MB

Download
memory/4308-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4308-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4308-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4308-16-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/4308-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download