xmrig | 721b32201c60cb85ca3dd91015ed9a2e3b9135c2ba5c75044826ca179df80223

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c75b3b268bb1b865e46a0120d4844a06.exe
Size

1.5MB
MD5

c75b3b268bb1b865e46a0120d4844a06
SHA1

9445b8cdb3394201fa69740b2376d438ad9a0ab0
SHA256

721b32201c60cb85ca3dd91015ed9a2e3b9135c2ba5c75044826ca179df80223
SHA512

9809cc58b62390e5083de5a2e07fc70872ce48823977c4cf1f64a5d3cda93bf494dcaa296f18ed1ebd34bf3484771feb051be27f884ec99f7027d66f0474cd23
SSDEEP

24576:BT0W8FhIz3mWxS49sYY0MuyOml1nIgvYpqcSB3ttp9O0GmrNPZkDocbyyipu:R0XbjYYjuy5vYAJXrNiypu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/1460-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1460-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/556-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/556-21-0x0000000005310000-0x00000000054A3000-memory.dmp	xmrig
behavioral2/memory/556-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/556-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/556-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
556	c75b3b268bb1b865e46a0120d4844a06.exe

Executes dropped EXE 1 IoCs

pid	Process
556	c75b3b268bb1b865e46a0120d4844a06.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1460-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00070000000231f9-11.dat	upx
behavioral2/memory/556-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1460	c75b3b268bb1b865e46a0120d4844a06.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1460	c75b3b268bb1b865e46a0120d4844a06.exe
556	c75b3b268bb1b865e46a0120d4844a06.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 556	1460	c75b3b268bb1b865e46a0120d4844a06.exe	89
PID 1460 wrote to memory of 556	1460	c75b3b268bb1b865e46a0120d4844a06.exe	89
PID 1460 wrote to memory of 556	1460	c75b3b268bb1b865e46a0120d4844a06.exe	89

C:\Users\Admin\AppData\Local\Temp\c75b3b268bb1b865e46a0120d4844a06.exe
"C:\Users\Admin\AppData\Local\Temp\c75b3b268bb1b865e46a0120d4844a06.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\c75b3b268bb1b865e46a0120d4844a06.exe
  C:\Users\Admin\AppData\Local\Temp\c75b3b268bb1b865e46a0120d4844a06.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c75b3b268bb1b865e46a0120d4844a06.exe

Filesize
784KB

MD5
c6e1e011f1cebea03aa07aff1b8cc6d0

SHA1
e8227fffac8ac573dc818aac724a5132dedf26b1

SHA256
baa6a7029e6152316c5cb6dee52fe182da884c8520b4ef4fb3eb25b0d0473b43

SHA512
8d90b311ab91c8399b49b5b14321cca76f521dcc5ad8084ef0c54b53ed1919bbccfc9d9e2388fba015b4c7dfba0f9ee96cc0791b3b78166369caf6119858f7ed

Download Submit
memory/556-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/556-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/556-15-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/556-21-0x0000000005310000-0x00000000054A3000-memory.dmp

Filesize
1.6MB

Download
memory/556-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/556-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/556-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1460-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1460-1-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/1460-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1460-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download