xmrig | 1f616085c928a4abf8d022479a539706293b199bbaa54071ec763872600866cd

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d426128a3bb73ce133189788b1a6613d.exe
Size

784KB
MD5

d426128a3bb73ce133189788b1a6613d
SHA1

67c0f60c81aca2a38bc10151a98dddb57b174428
SHA256

1f616085c928a4abf8d022479a539706293b199bbaa54071ec763872600866cd
SHA512

307feb3d443e32432eea6ec1171b2381202be9e080a944d75811b8fe337ca8fb86075b80b6857424f89775751bdbdbd2699e26cce8a7cc230c4a0d676f249d86
SSDEEP

12288:l8oH7PiA2NBpQIZ0Xl4kYls6AEgOTpu1U/913I6IuNqTmvQisnKqwsZsSo:ld7/8ppwQls6AaN13FpFvQTKqws2S

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4068-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1668-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1668-21-0x00000000054B0000-0x0000000005643000-memory.dmp	xmrig
behavioral2/memory/1668-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4068-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1668-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1668	d426128a3bb73ce133189788b1a6613d.exe

Executes dropped EXE 1 IoCs

pid	Process
1668	d426128a3bb73ce133189788b1a6613d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4068-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000e00000002314f-11.dat	upx
behavioral2/memory/1668-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4068	d426128a3bb73ce133189788b1a6613d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4068	d426128a3bb73ce133189788b1a6613d.exe
1668	d426128a3bb73ce133189788b1a6613d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 1668	4068	d426128a3bb73ce133189788b1a6613d.exe	22
PID 4068 wrote to memory of 1668	4068	d426128a3bb73ce133189788b1a6613d.exe	22
PID 4068 wrote to memory of 1668	4068	d426128a3bb73ce133189788b1a6613d.exe	22

C:\Users\Admin\AppData\Local\Temp\d426128a3bb73ce133189788b1a6613d.exe
"C:\Users\Admin\AppData\Local\Temp\d426128a3bb73ce133189788b1a6613d.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Users\Admin\AppData\Local\Temp\d426128a3bb73ce133189788b1a6613d.exe
  C:\Users\Admin\AppData\Local\Temp\d426128a3bb73ce133189788b1a6613d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d426128a3bb73ce133189788b1a6613d.exe

Filesize
165KB

MD5
b7f68df278eb555948e8df13b7b6ba02

SHA1
16dfaae1de24633f23e081fad9a7ed33afb50544

SHA256
e21db82e97c4405a99e4b1d6bd088d831981cd5cfc605ce4ff82a57ab5b707d9

SHA512
9f4848b6ef5d99b421523be4c6eee9364660e413b7766c1110b43a49987426d8185fa9acdbcf5adc2c089795bd2e219f89a50b05a532fe0471a1bdba00e9bf2e

Download Submit
memory/1668-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1668-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1668-17-0x0000000001900000-0x00000000019C4000-memory.dmp

Filesize
784KB

Download
memory/1668-21-0x00000000054B0000-0x0000000005643000-memory.dmp

Filesize
1.6MB

Download
memory/1668-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1668-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4068-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4068-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4068-1-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/4068-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download