xmrig | 72e76a0565d49129d78eea6f60323a4b8f6678cd6707f7684279b70fd05ff844

Analysis

max time kernel
131s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb65fa8bc33045178f0d3c9e36ff14c1.exe
Size

2.3MB
MD5

bb65fa8bc33045178f0d3c9e36ff14c1
SHA1

416336273cd1a4160cd8c00a7e13d615928aae3a
SHA256

72e76a0565d49129d78eea6f60323a4b8f6678cd6707f7684279b70fd05ff844
SHA512

7c92c2119d2c53c5cf223ce2c767d7198952ac88b0330d8ad25f2f7d96fee3c4e2d7b3fa920fe56795dcbad52649e524953f7d41ea9d62afe9bc1903e70da976
SSDEEP

49152:UoVBwt/LHO6a/Uvl5QnQVKaheOl8sNq7l5fySXCnX4s13oydJDX1RHckM6bvvK:Uo7wRajsvzQWR0h5fyeOXhOya6r

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2924-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2924-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1648-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1648-20-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/1648-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1648-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1648	bb65fa8bc33045178f0d3c9e36ff14c1.exe

Executes dropped EXE 1 IoCs

pid	Process
1648	bb65fa8bc33045178f0d3c9e36ff14c1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2924-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023210-11.dat	upx
behavioral2/memory/1648-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2924	bb65fa8bc33045178f0d3c9e36ff14c1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2924	bb65fa8bc33045178f0d3c9e36ff14c1.exe
1648	bb65fa8bc33045178f0d3c9e36ff14c1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1648	2924	bb65fa8bc33045178f0d3c9e36ff14c1.exe	91
PID 2924 wrote to memory of 1648	2924	bb65fa8bc33045178f0d3c9e36ff14c1.exe	91
PID 2924 wrote to memory of 1648	2924	bb65fa8bc33045178f0d3c9e36ff14c1.exe	91

C:\Users\Admin\AppData\Local\Temp\bb65fa8bc33045178f0d3c9e36ff14c1.exe
"C:\Users\Admin\AppData\Local\Temp\bb65fa8bc33045178f0d3c9e36ff14c1.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\bb65fa8bc33045178f0d3c9e36ff14c1.exe
  C:\Users\Admin\AppData\Local\Temp\bb65fa8bc33045178f0d3c9e36ff14c1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bb65fa8bc33045178f0d3c9e36ff14c1.exe

Filesize
200KB

MD5
0ff3811ab415240caaf268da0777bbab

SHA1
24304587ac72433b348dbe5e0c578e4f5dbfcd11

SHA256
89b1e017b46ab6dd687d093019cdc8029f1ed224b9e2c3dfc1400ed2db3116d1

SHA512
7b3643eb78d6040b46ed6a060ec5441d38f6c0f750c35054595d614b53ad4031a075b8e09bbf572618e306da8906d45adc4a20950efc0014fe51871a2aa6d8ed

Download Submit
memory/1648-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1648-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1648-16-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1648-20-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/1648-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1648-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2924-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2924-1-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/2924-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2924-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download