xmrig | 2c4cc86422e75fbcc0edc041ef35b4cd7df857d3dda6313d6bf67227fa9403c7

Analysis

max time kernel
166s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 13:42

Target

aa8a2796fe338226bbf4dcdd68ea0e77.exe
Size

784KB
MD5

aa8a2796fe338226bbf4dcdd68ea0e77
SHA1

a05ca15d761cd42f6cb04a1a259981073879b944
SHA256

2c4cc86422e75fbcc0edc041ef35b4cd7df857d3dda6313d6bf67227fa9403c7
SHA512

ef586083d7556fe2b498db34efb0a1056fca6cb24873570639032dd8e5177479e3dd4a745a4e319e757d30fdb4fec8ee2e4cd534d95fb94dd272262c6985baf5
SSDEEP

24576:aCvDIjA70YeXUwSZN+9xHkBAOFe6ESMNzmm:z7Mw0FXUXNyGBAOFe6ESMNz5

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2704-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2704-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2984-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2984-20-0x00000000054D0000-0x0000000005663000-memory.dmp	xmrig
behavioral2/memory/2984-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2984-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2984	aa8a2796fe338226bbf4dcdd68ea0e77.exe

Executes dropped EXE 1 IoCs

pid	Process
2984	aa8a2796fe338226bbf4dcdd68ea0e77.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2704-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023204-11.dat	upx
behavioral2/memory/2984-12-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2704	aa8a2796fe338226bbf4dcdd68ea0e77.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2704	aa8a2796fe338226bbf4dcdd68ea0e77.exe
2984	aa8a2796fe338226bbf4dcdd68ea0e77.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2984	2704	aa8a2796fe338226bbf4dcdd68ea0e77.exe	92
PID 2704 wrote to memory of 2984	2704	aa8a2796fe338226bbf4dcdd68ea0e77.exe	92
PID 2704 wrote to memory of 2984	2704	aa8a2796fe338226bbf4dcdd68ea0e77.exe	92

C:\Users\Admin\AppData\Local\Temp\aa8a2796fe338226bbf4dcdd68ea0e77.exe

Filesize
260KB

MD5
ee1527677b69b3f7aff5b6c271de85b3

SHA1
b1bea154545279f58e10089b02193ac423b69f73

SHA256
6a78e13a45177f46a7e6ec16996b75920ed45237173d1593012ac97751709b19

SHA512
412be349a7df2d740aab59e74051fc526d2282164f0ae1110a9f94f82ca043672617c9d0c5847e847d8187c255d395414454ef5dc42f7095c2e5ec6b789d5e95

Download Submit
memory/2704-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2704-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/2704-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2704-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2984-12-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2984-15-0x00000000018F0000-0x00000000019B4000-memory.dmp

Filesize
784KB

Download
memory/2984-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2984-20-0x00000000054D0000-0x0000000005663000-memory.dmp

Filesize
1.6MB

Download
memory/2984-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2984-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download