xmrig | 4feb943075354808a22d501cafccd69cae42b3ec996445bb1673ebc095ab4289

Analysis

max time kernel
91s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:10

Target

b946804a6c09589563bfd687ff4c2e2a.exe
Size

784KB
MD5

b946804a6c09589563bfd687ff4c2e2a
SHA1

25b5f1a76d720cb47f72acb4e0eb169ca6b06528
SHA256

4feb943075354808a22d501cafccd69cae42b3ec996445bb1673ebc095ab4289
SHA512

d9095fa7763f22b4064541591a0f4a36d72dcdb131b63155c7dcb415fc5b04922f57f721d66ddf8eeaf0b5d6b293c9d3de0cfb8e8cd0de377f78e4365cf2f0f8
SSDEEP

12288:3Mg914EbOftdUybA7CeaWm2eQHuqmHbYy45j+w8fw5xBnAa9n:8gAEWjUybnEm2jtEMyqkf4xBA

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4596-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4596-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3376-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3376-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3376-20-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/3376-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3376	b946804a6c09589563bfd687ff4c2e2a.exe

Executes dropped EXE 1 IoCs

pid	Process
3376	b946804a6c09589563bfd687ff4c2e2a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4596-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000700000002325a-11.dat	upx
behavioral2/memory/3376-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4596	b946804a6c09589563bfd687ff4c2e2a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4596	b946804a6c09589563bfd687ff4c2e2a.exe
3376	b946804a6c09589563bfd687ff4c2e2a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 3376	4596	b946804a6c09589563bfd687ff4c2e2a.exe	89
PID 4596 wrote to memory of 3376	4596	b946804a6c09589563bfd687ff4c2e2a.exe	89
PID 4596 wrote to memory of 3376	4596	b946804a6c09589563bfd687ff4c2e2a.exe	89

C:\Users\Admin\AppData\Local\Temp\b946804a6c09589563bfd687ff4c2e2a.exe

Filesize
58KB

MD5
8996e0fcedc85b86d6986e9f11073b7d

SHA1
9ea5d0b0538634d8bf30de00a950b72abf67f1e0

SHA256
882be9353b3b0d28b877f63993d99d7c0abc8117192cb1b2e1acf7b87075a959

SHA512
219f2e240e8678fe517dc691e8283122193e09b09e23d41b7c988e2ed85e838905987153d6fc6833ad51e3d4f49501778e509c05bfacc781afb05d2703b9a441

Download Submit
memory/3376-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3376-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3376-14-0x00000000019E0000-0x0000000001AA4000-memory.dmp

Filesize
784KB

Download
memory/3376-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3376-20-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/3376-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4596-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4596-1-0x0000000001AA0000-0x0000000001B64000-memory.dmp

Filesize
784KB

Download
memory/4596-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4596-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download