xmrig | 6c345c25376fb849b84f5fa2be484db12d10257bcd901e692a246b4f46a9ec22

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c517a3d049bd6bbda8b5c344f54d8909.exe
Size

784KB
MD5

c517a3d049bd6bbda8b5c344f54d8909
SHA1

d24d298935ab8bf7705115eb0f96e44827954514
SHA256

6c345c25376fb849b84f5fa2be484db12d10257bcd901e692a246b4f46a9ec22
SHA512

592eb3b31f6769e0ebbf0de08736c16c16912b20e46f0ffadb159149bf1d37aa3b4ad3d618ccab2324ffac1b646a642f4e95af936f03ea391c89a7dc0f37024d
SSDEEP

12288:iGmVoM+qo/Rod5YNa533NxfqXg1u9NB3IWxF68hq4qbYPNZ1SYBwOm8l:rM+H/23fJdxqwg94EF66q9bWCdOJl

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4372-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4372-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1028-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1028-20-0x00000000053B0000-0x0000000005543000-memory.dmp	xmrig
behavioral2/memory/1028-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1028-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/1028-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1028	c517a3d049bd6bbda8b5c344f54d8909.exe

Executes dropped EXE 1 IoCs

pid	Process
1028	c517a3d049bd6bbda8b5c344f54d8909.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4372-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/1028-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023216-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4372	c517a3d049bd6bbda8b5c344f54d8909.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4372	c517a3d049bd6bbda8b5c344f54d8909.exe
1028	c517a3d049bd6bbda8b5c344f54d8909.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 1028	4372	c517a3d049bd6bbda8b5c344f54d8909.exe	90
PID 4372 wrote to memory of 1028	4372	c517a3d049bd6bbda8b5c344f54d8909.exe	90
PID 4372 wrote to memory of 1028	4372	c517a3d049bd6bbda8b5c344f54d8909.exe	90

C:\Users\Admin\AppData\Local\Temp\c517a3d049bd6bbda8b5c344f54d8909.exe
"C:\Users\Admin\AppData\Local\Temp\c517a3d049bd6bbda8b5c344f54d8909.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Users\Admin\AppData\Local\Temp\c517a3d049bd6bbda8b5c344f54d8909.exe
  C:\Users\Admin\AppData\Local\Temp\c517a3d049bd6bbda8b5c344f54d8909.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c517a3d049bd6bbda8b5c344f54d8909.exe

Filesize
784KB

MD5
4f9ce3eed6b769a3440c4eb86dad7dfb

SHA1
b4cf5e01153b140a5140067594f38a6fcb803db8

SHA256
e0506e72967d0e0f0d867610306653b68f40615479c832aa1ba08382189e5797

SHA512
7aff200c2706b478a360e0d8fee97cffcca531fa8ac0fa7c0f3efddb6ae8cfacd23b5da7db052bf687d46c97b212981da59bfea38e8a010669bbb4fadd0d0824

Download Submit
memory/1028-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1028-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1028-15-0x0000000001B40000-0x0000000001C04000-memory.dmp

Filesize
784KB

Download
memory/1028-20-0x00000000053B0000-0x0000000005543000-memory.dmp

Filesize
1.6MB

Download
memory/1028-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1028-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1028-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4372-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4372-1-0x00000000019D0000-0x0000000001A94000-memory.dmp

Filesize
784KB

Download
memory/4372-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4372-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download