xmrig | 6900014cd95d78d2287d472788676591e68d24a8a80edb9b109af20d12f3981b

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb79f1fd99b02ce1ec0154b5bcce862f.exe
Size

784KB
MD5

cb79f1fd99b02ce1ec0154b5bcce862f
SHA1

eb44f96c6cccf97786c4e303758bff24ec122232
SHA256

6900014cd95d78d2287d472788676591e68d24a8a80edb9b109af20d12f3981b
SHA512

f47d8eeb17c7511f54d3cc88fc29d8361fef043d200eb5085ff85e1935d41521e2d1b6f589667a013f5b8d193dc54c559b2e5f4cedd2d1da5d03ba8c7d331a45
SSDEEP

24576:3CvMBpzBubziXspODLH7XtlECtj7BDcreNI3dlWsK:MmtBun86MLrtlE6j7Sa8T

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/3060-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3060-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2272-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2272-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2272-24-0x0000000003250000-0x00000000033E3000-memory.dmp	xmrig
behavioral1/memory/2272-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2272	cb79f1fd99b02ce1ec0154b5bcce862f.exe

Executes dropped EXE 1 IoCs

pid	Process
2272	cb79f1fd99b02ce1ec0154b5bcce862f.exe

Loads dropped DLL 1 IoCs

pid	Process
3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3060-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000014b4b-10.dat	upx
behavioral1/memory/3060-15-0x0000000003230000-0x0000000003542000-memory.dmp	upx
behavioral1/files/0x000c000000014b4b-16.dat	upx
behavioral1/memory/2272-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe
2272	cb79f1fd99b02ce1ec0154b5bcce862f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2272	3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe	29
PID 3060 wrote to memory of 2272	3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe	29
PID 3060 wrote to memory of 2272	3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe	29
PID 3060 wrote to memory of 2272	3060	cb79f1fd99b02ce1ec0154b5bcce862f.exe	29

C:\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe
"C:\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe
  C:\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe

Filesize
447KB

MD5
2ebea7b514a781844716ddad0d85623a

SHA1
dd1b4c05d5528db09bd97c4e4f6fa000e5e2a30e

SHA256
b243a155d9d0fe08fa2838b31fab4c69a4994d8368244f6c0d860b98591932e8

SHA512
2157dbe23c7536d42ec74d96614b26ff67f634f53e08bd628635b596aca5690ac3e3e4b106f6d55137348bf0038158b15d617f9510f22a17a379bcd66ffe8986

Download Submit
\Users\Admin\AppData\Local\Temp\cb79f1fd99b02ce1ec0154b5bcce862f.exe

Filesize
687KB

MD5
513da765fccdcde563d9672a6c263130

SHA1
32ac39dcebad669ffef34d6d3f664614393e7782

SHA256
686a0759fd3979af17adaa9bb9edf4ad5a8f5f568629a0024628759f4c8ce94e

SHA512
450b94fdd2c23764534157ec40775ce13d3d4ebe5c3ade28089373f151fc4cc88f59956eaf8c4a38ddec6d0cb7ba79be4dcac93282dbd625b7662839e00b371f

Download Submit
memory/2272-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2272-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2272-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2272-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2272-24-0x0000000003250000-0x00000000033E3000-memory.dmp

Filesize
1.6MB

Download
memory/2272-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3060-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3060-15-0x0000000003230000-0x0000000003542000-memory.dmp

Filesize
3.1MB

Download
memory/3060-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/3060-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3060-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download