xmrig | 8791615d7ecd6515e6a0295a2d86638609aa2be21e7a1d2c5f526a3f36830880

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b7138bcb616413a4d4e2b70da8cc64b.exe
Size

1.5MB
MD5

9b7138bcb616413a4d4e2b70da8cc64b
SHA1

70b6542b9a2e9ee344e0dd8668f853f3997962db
SHA256

8791615d7ecd6515e6a0295a2d86638609aa2be21e7a1d2c5f526a3f36830880
SHA512

3c135e80221bec26a03fe109da91367a8be1f092c4ea61fb7dd492ff772dd8a55257e857128f762167165e6b6aa0fc8306971dc43764b95947151acd2eb5f5cd
SSDEEP

24576:v3JlEZC7LOYQ0jyaWF9hftPFGtv27M+NEgt/LfIAaiN9Diwr5hTSaLoJGCtN0E+s:BF7aQyaCh1PFGtvwM+1LPNBiw1jM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/452-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/452-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2988-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2988-21-0x0000000005340000-0x00000000054D3000-memory.dmp	xmrig
behavioral2/memory/2988-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2988-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/2988-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2988	9b7138bcb616413a4d4e2b70da8cc64b.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	9b7138bcb616413a4d4e2b70da8cc64b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/452-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023228-11.dat	upx
behavioral2/memory/2988-12-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
452	9b7138bcb616413a4d4e2b70da8cc64b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
452	9b7138bcb616413a4d4e2b70da8cc64b.exe
2988	9b7138bcb616413a4d4e2b70da8cc64b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 2988	452	9b7138bcb616413a4d4e2b70da8cc64b.exe	91
PID 452 wrote to memory of 2988	452	9b7138bcb616413a4d4e2b70da8cc64b.exe	91
PID 452 wrote to memory of 2988	452	9b7138bcb616413a4d4e2b70da8cc64b.exe	91

C:\Users\Admin\AppData\Local\Temp\9b7138bcb616413a4d4e2b70da8cc64b.exe
"C:\Users\Admin\AppData\Local\Temp\9b7138bcb616413a4d4e2b70da8cc64b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Users\Admin\AppData\Local\Temp\9b7138bcb616413a4d4e2b70da8cc64b.exe
  C:\Users\Admin\AppData\Local\Temp\9b7138bcb616413a4d4e2b70da8cc64b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9b7138bcb616413a4d4e2b70da8cc64b.exe

Filesize
23KB

MD5
fc73c7c6ea2ffbdd70673aee4994a481

SHA1
8ccd939eaac81e4de9e1656e7c46a063c05c66a5

SHA256
58b8b4774e42c30b2e6a47ac75547d1931d85e6cdf0b80451932ba16d80aa51a

SHA512
dde1a1b18d69dbff5dabb7166960c5fcd1755a294169908e53d61d59f408495935ec1e9db07d03c6a51525636dc5f7cb98f5eae317832fb4c60734c6273ecf51

Download Submit
memory/452-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/452-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/452-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/452-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2988-12-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2988-15-0x0000000001AD0000-0x0000000001B94000-memory.dmp

Filesize
784KB

Download
memory/2988-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2988-21-0x0000000005340000-0x00000000054D3000-memory.dmp

Filesize
1.6MB

Download
memory/2988-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2988-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2988-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download