Overview

overview

10

Static

static

7

9dd0014954...2e.exe

windows7-x64

10

9dd0014954...2e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    159s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9dd001495484b62a6383c44fc5472d2e.exe

  • Size

    1.5MB

  • MD5

    9dd001495484b62a6383c44fc5472d2e

  • SHA1

    694b611b45e53a2a7b23c4f4d1b76dae71416b46

  • SHA256

    8cf62bcd5f42a60b30a2fc2f5b95294b2cb56c7554ed633129dd2ea8809fbace

  • SHA512

    0f3b5eb548bde57591bda32e2ee88876509808ed1c873feb988ea7f42d5d94220ed184a4189443a746f95312ef7e92350fb49fd966f6793e72db96b95f7ea5b1

  • SSDEEP

    49152:5FOryRmL2fEKQg1ohaWVB9Dwowra1qnn2:qrykL2PxiBDwrk

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dd001495484b62a6383c44fc5472d2e.exe
    "C:\Users\Admin\AppData\Local\Temp\9dd001495484b62a6383c44fc5472d2e.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Users\Admin\AppData\Local\Temp\9dd001495484b62a6383c44fc5472d2e.exe
      C:\Users\Admin\AppData\Local\Temp\9dd001495484b62a6383c44fc5472d2e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3632

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\9dd001495484b62a6383c44fc5472d2e.exe
          Filesize

          784KB

          MD5

          f2f25f9b623ee807eb7c52aaa46243aa

          SHA1

          569bd3eea8bc95848174ac7fec3df958fbdaf158

          SHA256

          e69323405ad09c71c4a50d5231f8ec49a4e666508cf06578b077f7e9bbc06183

          SHA512

          3653bfc2164b1953cd9109c9145263e67e58588116b146fffad5e21f2d3d63dd42f6df098549d3dbc8bcfdbd072efa56eee8131d7c9f9392bd5a89ceeb3f5342

          Download Submit

        • memory/1896-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/1896-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/1896-2-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/1896-13-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3632-14-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3632-16-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3632-15-0x0000000001980000-0x0000000001A44000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3632-21-0x0000000005370000-0x0000000005503000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3632-22-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3632-31-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download