xmrig | df6ab5a5a643985dc451cf6f6ce91006c3ce8b1eea0d5510f98f004d8cd9beab

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1a91b0f843891d664ccc757ff3af104.exe
Size

784KB
MD5

e1a91b0f843891d664ccc757ff3af104
SHA1

4e08fba36739aeaebf4d3ed35293dbd796f8b56d
SHA256

df6ab5a5a643985dc451cf6f6ce91006c3ce8b1eea0d5510f98f004d8cd9beab
SHA512

af32093a52c2c1c01ff9857f62e0e98bc64123d9886b832f25b25fe247de1ab72af638fe2fb8e9edecb49c145e428cf1a6647af800e63b66d5016d3a88d5a1a5
SSDEEP

24576:v0yYvWMjB2JV10vOjz+6Lnigf7oHIMcguAOY:v0y4PlNv2k/cgQ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2204-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2204-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2996-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2996-27-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2996-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2996-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2996	e1a91b0f843891d664ccc757ff3af104.exe

Executes dropped EXE 1 IoCs

pid	Process
2996	e1a91b0f843891d664ccc757ff3af104.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	e1a91b0f843891d664ccc757ff3af104.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000013a71-10.dat	upx
behavioral1/files/0x000a000000013a71-16.dat	upx
behavioral1/memory/2996-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2204-15-0x00000000031B0000-0x00000000034C2000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	e1a91b0f843891d664ccc757ff3af104.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	e1a91b0f843891d664ccc757ff3af104.exe
2996	e1a91b0f843891d664ccc757ff3af104.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2996	2204	e1a91b0f843891d664ccc757ff3af104.exe	24
PID 2204 wrote to memory of 2996	2204	e1a91b0f843891d664ccc757ff3af104.exe	24
PID 2204 wrote to memory of 2996	2204	e1a91b0f843891d664ccc757ff3af104.exe	24
PID 2204 wrote to memory of 2996	2204	e1a91b0f843891d664ccc757ff3af104.exe	24

C:\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe
"C:\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe
  C:\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe

Filesize
26KB

MD5
36a81c0812362eda18412cff1ebc275d

SHA1
4f83580b4f18a9459b6fe94f7588af7642dcc84e

SHA256
1768747e2157ef3ccc88e3653c639b0081fba937b0f35192bacb5dab7816275d

SHA512
1275598d4d58622f049a70fcbc83bab63007c7de5c805341a27a30dbe1c9aabfce3378a00db6ca589de3804a6115e861b239290342c25d6939c2825a87a4eb8c

Download Submit
\Users\Admin\AppData\Local\Temp\e1a91b0f843891d664ccc757ff3af104.exe

Filesize
50KB

MD5
a477d8fa5ac598fe6cd1bdc0ce7e34ad

SHA1
b4b4229093d81153329a9af515622ebea7e97af9

SHA256
c95edeefc5583303597fa4c017dfe6c81887e5a11c8fe2fc9acbc66f58f3c660

SHA512
7535320f037118bf5c7e393aac4ed85b058e89210f6cdf7c9426780aece1612e0e4ef26f256a1d0a0a6d40d2f392331b38370f4bef2371684c2f672ec103ae94

Download Submit
memory/2204-15-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/2204-3-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2204-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2204-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2204-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2996-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2996-20-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2996-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2996-27-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2996-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2996-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download