xmrig | 5bd8ece22b31703df1228fd0540f485cfa9ce782ca0c32bc948adaeb7d3a29c4

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b588725a866b648e6f7f3ef366ed8d7a.exe
Size

784KB
MD5

b588725a866b648e6f7f3ef366ed8d7a
SHA1

7b1b5dc243acc73ac26f68fa7ca1a07e2b2923ef
SHA256

5bd8ece22b31703df1228fd0540f485cfa9ce782ca0c32bc948adaeb7d3a29c4
SHA512

b5c99ee26a08782d6bc47de986f79460172f67603cea9728eeaec62b5c8b1c6f5f9940ae196997a175206defcae12d072da6cf627ed864a0ce732afc4f26ba03
SSDEEP

24576:Qm96fcoc+EY1KDlAoYivbaKKG1N2qhWS7yQK/BU:L96koTEY1Ka4vrjLWzQKZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2388-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2388-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2388-14-0x00000000030E0000-0x00000000033F2000-memory.dmp	xmrig
behavioral1/memory/2452-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2452-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2452-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2452-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2452	b588725a866b648e6f7f3ef366ed8d7a.exe

Executes dropped EXE 1 IoCs

pid	Process
2452	b588725a866b648e6f7f3ef366ed8d7a.exe

Loads dropped DLL 1 IoCs

pid	Process
2388	b588725a866b648e6f7f3ef366ed8d7a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2388-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c0000000122f3-10.dat	upx
behavioral1/files/0x000c0000000122f3-16.dat	upx
behavioral1/memory/2452-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2388	b588725a866b648e6f7f3ef366ed8d7a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2388	b588725a866b648e6f7f3ef366ed8d7a.exe
2452	b588725a866b648e6f7f3ef366ed8d7a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2452	2388	b588725a866b648e6f7f3ef366ed8d7a.exe	29
PID 2388 wrote to memory of 2452	2388	b588725a866b648e6f7f3ef366ed8d7a.exe	29
PID 2388 wrote to memory of 2452	2388	b588725a866b648e6f7f3ef366ed8d7a.exe	29
PID 2388 wrote to memory of 2452	2388	b588725a866b648e6f7f3ef366ed8d7a.exe	29

C:\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe
"C:\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe
  C:\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe

Filesize
265KB

MD5
c7e4e9cb2bef3ad57bf08000d1458882

SHA1
de391bc40e35b3472761b37d9f451327e077faa1

SHA256
4dbeb03083d46d7b3439f9f36c9f4b0d478dc911eb28a0bce5ef3fae26d839ba

SHA512
c6dcd3763f5f44007b14e4c81fe822ea317e7e45ece0732e32c0f9632e9d09ee7520cfd0acd60cdbd4708dea193a942a1669d5700a8ed974fd82a1353abbdace

Download Submit
\Users\Admin\AppData\Local\Temp\b588725a866b648e6f7f3ef366ed8d7a.exe

Filesize
234KB

MD5
bec0ffb3692acecb16d29a7b368476b2

SHA1
73a8e51c0b60bcae3b8ba18fe14bb941b3c0aa36

SHA256
cf85c08189944ef9df3939cb06ff4b6d2c03b268272b78e11734b557323b601d

SHA512
d380a73e5558689ab3edb38031d91f08c56e60632eb41e700e8c0e97d3e1c059eaf935249778aa3a288ba8a708da5a1f0d80c89303f4b7d7f20580efa6fbf7c5

Download Submit
memory/2388-14-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2388-2-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2388-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2452-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2452-19-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2452-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2452-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2452-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2452-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download