xmrig | 7b10e4a95366fdf2776279754d6b6b72ba165bb579c28f6268d710489cf34cf1

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cc484fdd205b1e883b34615a781b53b4.exe
Size

784KB
MD5

cc484fdd205b1e883b34615a781b53b4
SHA1

07ab3193c7c27c672ec92c67525d58ecd8d7f6f9
SHA256

7b10e4a95366fdf2776279754d6b6b72ba165bb579c28f6268d710489cf34cf1
SHA512

753dc34b4ff50453ad3ca3ff8e1368187469cb1affb1e1fd11dedad90d7e4e016caa084e02527d260d2125a5f6194f861bd616787ba5ba965621b15462a7fa9a
SSDEEP

12288:o1og3eu5bZWRkxK+kjQfJC92XVMWkpic6cR6/1ACX4Zu/IrFZ5/PGyxkw:o153eudZWRkbrgLWv/1p4+IRvvxP

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/2180-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2180-15-0x0000000003170000-0x0000000003482000-memory.dmp	xmrig
behavioral1/memory/2180-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1364-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1364-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1364-26-0x00000000030F0000-0x0000000003283000-memory.dmp	xmrig
behavioral1/memory/1364-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1364-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2180-36-0x0000000003170000-0x0000000003482000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1364	cc484fdd205b1e883b34615a781b53b4.exe

Executes dropped EXE 1 IoCs

pid	Process
1364	cc484fdd205b1e883b34615a781b53b4.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	cc484fdd205b1e883b34615a781b53b4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000014213-10.dat	upx
behavioral1/files/0x000b000000014213-16.dat	upx
behavioral1/memory/1364-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	cc484fdd205b1e883b34615a781b53b4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	cc484fdd205b1e883b34615a781b53b4.exe
1364	cc484fdd205b1e883b34615a781b53b4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1364	2180	cc484fdd205b1e883b34615a781b53b4.exe	29
PID 2180 wrote to memory of 1364	2180	cc484fdd205b1e883b34615a781b53b4.exe	29
PID 2180 wrote to memory of 1364	2180	cc484fdd205b1e883b34615a781b53b4.exe	29
PID 2180 wrote to memory of 1364	2180	cc484fdd205b1e883b34615a781b53b4.exe	29

C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe
"C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe
  C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe

Filesize
563KB

MD5
68a0e4afa5b66c0de62d2e4c1b5f3905

SHA1
79fe6876ff55c86da130c3d3d7d85780832c8cb7

SHA256
9d3ebe7e9c5635004a0f1e12a155e55735c5d64f8f59a2f2c7643113604e3fb3

SHA512
e0b82e9cfb3215badf6ab9a551749f28d79a150c17057530410909b9d9167ce361c6f8233ece26fc375534adf896211b61b5ba7ddb9ff8198eac179c9bb888fe

Download Submit
\Users\Admin\AppData\Local\Temp\cc484fdd205b1e883b34615a781b53b4.exe

Filesize
670KB

MD5
c1a5f781fccfd698c4a816de18b23bb0

SHA1
de91090fe67f8fc3646794ebd370e2ac1acafd81

SHA256
e5af27f49853a228000862b47751920b930eba3b2fe26cc10fad0b53403c6c62

SHA512
26e7d288677e9962c8fdfa18ccc846e2c2db10f4178a52578918306a784f8e05d30992d3abd51d4cf59c70aa4c76fdd428dcbe86fa5ad237a6de380b8e9efac6

Download Submit
memory/1364-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1364-18-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1364-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1364-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1364-26-0x00000000030F0000-0x0000000003283000-memory.dmp

Filesize
1.6MB

Download
memory/1364-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1364-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2180-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2180-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2180-15-0x0000000003170000-0x0000000003482000-memory.dmp

Filesize
3.1MB

Download
memory/2180-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2180-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2180-36-0x0000000003170000-0x0000000003482000-memory.dmp

Filesize
3.1MB

Download