xmrig | 92edc7316427da75efc0ac839f0fdf03b6ec64ef3aec5e938da6a3366f9239e1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3c14a51ff11defadc1652d9c0387444.exe
Size

1.5MB
MD5

b3c14a51ff11defadc1652d9c0387444
SHA1

bbe39501e00d418879fe0bbd7efe115151dc88ea
SHA256

92edc7316427da75efc0ac839f0fdf03b6ec64ef3aec5e938da6a3366f9239e1
SHA512

e32b2c6ff89732d0bf7881854989650989d61fc206d5d3fc5ca86a6ae572ecc911881080ec8283f00e3a09426b6f569477dfabf1b5866dab5c59af9980c4e327
SSDEEP

49152:gRw6++bmKTHCSthf850LOWYalgtkX8Yc5:gS+SAjHf8oOWYallMYw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2536-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2216-19-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2216-27-0x00000000031D0000-0x0000000003363000-memory.dmp	xmrig
behavioral1/memory/2216-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2536-16-0x0000000003310000-0x0000000003622000-memory.dmp	xmrig
behavioral1/memory/2216-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2536-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2216	b3c14a51ff11defadc1652d9c0387444.exe

Executes dropped EXE 1 IoCs

pid	Process
2216	b3c14a51ff11defadc1652d9c0387444.exe

Loads dropped DLL 1 IoCs

pid	Process
2536	b3c14a51ff11defadc1652d9c0387444.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a00000001224e-10.dat	upx
behavioral1/files/0x000a00000001224e-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2536	b3c14a51ff11defadc1652d9c0387444.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2536	b3c14a51ff11defadc1652d9c0387444.exe
2216	b3c14a51ff11defadc1652d9c0387444.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2216	2536	b3c14a51ff11defadc1652d9c0387444.exe	29
PID 2536 wrote to memory of 2216	2536	b3c14a51ff11defadc1652d9c0387444.exe	29
PID 2536 wrote to memory of 2216	2536	b3c14a51ff11defadc1652d9c0387444.exe	29
PID 2536 wrote to memory of 2216	2536	b3c14a51ff11defadc1652d9c0387444.exe	29

C:\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe
"C:\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe
  C:\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe

Filesize
381KB

MD5
c17bac0ebf36c40a7efd10e6cd082eed

SHA1
c5f7264b235f3027a7a401336b120c958d0540b9

SHA256
d0cfb63041469f16f342008c4b0bf22f0a5aa888594c643738b59dfdcccdde6c

SHA512
46a7b1202857341d73725f5fcc0e543b2a425ed9c7e9e2bb7208468047f238c54dbef7a18e7925e43548b899863d4dcef3a2250848a675028e2fdccdb8795e0c

Download Submit
\Users\Admin\AppData\Local\Temp\b3c14a51ff11defadc1652d9c0387444.exe

Filesize
576KB

MD5
97756bb66fb9c065f27911c3cebe7112

SHA1
f91ece3b669e29f5e91313acfa4f95330e7944cf

SHA256
adce655b710185c88f8b5a63c0d8dfe403fbf4db91f6367aa4783434c20bf2da

SHA512
ecc576141b19228c198b616ca409f1f2c6cfcd0d32d0f98dd856fec4e409f566927ea715d9086c5b7ea87203b98e4a0f21795361e7df8565a6211823c5802287

Download Submit
memory/2216-19-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2216-21-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2216-27-0x00000000031D0000-0x0000000003363000-memory.dmp

Filesize
1.6MB

Download
memory/2216-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2216-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2536-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2536-2-0x00000000002A0000-0x0000000000364000-memory.dmp

Filesize
784KB

Download
memory/2536-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2536-16-0x0000000003310000-0x0000000003622000-memory.dmp

Filesize
3.1MB

Download
memory/2536-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download