xmrig | 879444af048c6c362369c8b6d3bca24aa78dcb628ad20414605e4d370358992e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c6212860a68410b131ac42c28eb023b.exe
Size

784KB
MD5

8c6212860a68410b131ac42c28eb023b
SHA1

5a6d612e38d45cd3c5fcce0e4f1df416bcb72867
SHA256

879444af048c6c362369c8b6d3bca24aa78dcb628ad20414605e4d370358992e
SHA512

2aa006f4d60496dcc4a5b839f04e16f58901dc8f618cccaa91a1aaab29d852b0516202e0b512b11bee6ebbf5d7d0a14b4b5be2d5343309d8d8c52a87540509c3
SSDEEP

24576:yVGIInGDfOx+bsc9tWrc7PW4XG4fe9tA:miGLO2jtWw7PW4XNW

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2940-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2940-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2884-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2884-24-0x0000000002FF0000-0x0000000003183000-memory.dmp	xmrig
behavioral1/memory/2884-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2884-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2884-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2884	8c6212860a68410b131ac42c28eb023b.exe

Executes dropped EXE 1 IoCs

pid	Process
2884	8c6212860a68410b131ac42c28eb023b.exe

Loads dropped DLL 1 IoCs

pid	Process
2940	8c6212860a68410b131ac42c28eb023b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2940-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2884-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000d00000001225c-14.dat	upx
behavioral1/files/0x000d00000001225c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2940	8c6212860a68410b131ac42c28eb023b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2940	8c6212860a68410b131ac42c28eb023b.exe
2884	8c6212860a68410b131ac42c28eb023b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2884	2940	8c6212860a68410b131ac42c28eb023b.exe	17
PID 2940 wrote to memory of 2884	2940	8c6212860a68410b131ac42c28eb023b.exe	17
PID 2940 wrote to memory of 2884	2940	8c6212860a68410b131ac42c28eb023b.exe	17
PID 2940 wrote to memory of 2884	2940	8c6212860a68410b131ac42c28eb023b.exe	17

C:\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe
"C:\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe
  C:\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe

Filesize
219KB

MD5
3a014ab5d4d8252773cb18d5a42e1b99

SHA1
8979ca3da11cee3f1013086a3a50e0c0b7819ae7

SHA256
083a88cfdb1e449af72cf41e3295866d49074d2c3695145aa330384fd5479556

SHA512
82b35b29bb5a680723d7aac6323dcefefc072bc29001c4717abac90c81ae25df6fcea7d8e2b46cf6375f44c4bf7583be6a2e1d6728274c740261322433b9a244

Download Submit
\Users\Admin\AppData\Local\Temp\8c6212860a68410b131ac42c28eb023b.exe

Filesize
253KB

MD5
511ef14d85d56f89ece6c9fbf9610492

SHA1
2e8e75b3784169a3552f01600b4f02d1626d7c8f

SHA256
7c9b95757bf751d8ee20f9783b30c72e0ba461c2d907512a75238f4c514f78bb

SHA512
fdec83e2a6a34cda478f85a11db9bade32fff673f6360518e5dac88fbd2fefc8b7fdc292a3df66ae5400e14da9bf28db11076c2259405ca81e33ffd52b48d9a9

Download Submit
memory/2884-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2884-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2884-19-0x0000000000300000-0x00000000003C4000-memory.dmp

Filesize
784KB

Download
memory/2884-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2884-24-0x0000000002FF0000-0x0000000003183000-memory.dmp

Filesize
1.6MB

Download
memory/2884-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2884-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2940-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2940-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2940-1-0x00000000002A0000-0x0000000000364000-memory.dmp

Filesize
784KB

Download
memory/2940-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download