xmrig | 60165eb9d70d67d89f36867df70332e6a9514176e889968820c998551af44d99

Analysis

max time kernel
139s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:27

Target

c22ccbb79cf594d8b222fcb5c8b41abc.exe
Size

784KB
MD5

c22ccbb79cf594d8b222fcb5c8b41abc
SHA1

46ce054383c342e68345681356ebbca98eddf265
SHA256

60165eb9d70d67d89f36867df70332e6a9514176e889968820c998551af44d99
SHA512

1fa4295f170ae2e7f4f3a5f82e714c8fdd3250cd2ad01eddc0360c517c29ff6d909c72e400eb618cb19e41287138b1f00d1ea653e2720e587c04765ff2e722bc
SSDEEP

12288:fbQ4yQeNrCcgwbk+EA56HIGJW9S4OZxWGYfc9kqMYEAAHs1tcnv2XNfLtWYo7nb:jEx7k+3KIqxWL0kQygtcnv2XNTtWhX

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4736-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4736-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1760-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1760-21-0x0000000005360000-0x00000000054F3000-memory.dmp	xmrig
behavioral2/memory/1760-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1760-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/1760-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1760	c22ccbb79cf594d8b222fcb5c8b41abc.exe

Executes dropped EXE 1 IoCs

pid	Process
1760	c22ccbb79cf594d8b222fcb5c8b41abc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4736-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000e00000002314f-11.dat	upx
behavioral2/memory/1760-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4736	c22ccbb79cf594d8b222fcb5c8b41abc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4736	c22ccbb79cf594d8b222fcb5c8b41abc.exe
1760	c22ccbb79cf594d8b222fcb5c8b41abc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 1760	4736	c22ccbb79cf594d8b222fcb5c8b41abc.exe	23
PID 4736 wrote to memory of 1760	4736	c22ccbb79cf594d8b222fcb5c8b41abc.exe	23
PID 4736 wrote to memory of 1760	4736	c22ccbb79cf594d8b222fcb5c8b41abc.exe	23

C:\Users\Admin\AppData\Local\Temp\c22ccbb79cf594d8b222fcb5c8b41abc.exe

Filesize
67KB

MD5
42177f4182c6c2b3249eaeccbc378335

SHA1
2fff260d5d5316895d9611b1ab2097642e0f2316

SHA256
c18bfd69d620e362b22b9fc87d2f45f23ab01e7844c6cd94c803b8dde0723d64

SHA512
0b8819eade262dcd148c4844d5e511899391100d9e0f35d79620cd95baed6e4e40211a2960f7433d601ffe3bf77ffc0c4fac26c7eb531d0806e2343cbde9fcd8

Download Submit
memory/1760-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1760-16-0x0000000001AF0000-0x0000000001BB4000-memory.dmp

Filesize
784KB

Download
memory/1760-21-0x0000000005360000-0x00000000054F3000-memory.dmp

Filesize
1.6MB

Download
memory/1760-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1760-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1760-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1760-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4736-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4736-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4736-1-0x00000000019F0000-0x0000000001AB4000-memory.dmp

Filesize
784KB

Download
memory/4736-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download