xmrig | 14094a54474576922912f9442251d505433de3955801e1c7e06b0ed9e248a037

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d70888a3df2972a85e8280f6e28d50a5.exe
Size

784KB
MD5

d70888a3df2972a85e8280f6e28d50a5
SHA1

b31cc0df1a99ecdea32b6c9a08534f32efedd31e
SHA256

14094a54474576922912f9442251d505433de3955801e1c7e06b0ed9e248a037
SHA512

7b191d3e90655f3217a50af682aebb3737b2a20a3acf07b085ecc7352ba9c2282217a7b25b9bbfb719bd40b018f479f8c4f39596d03b24f2b39b00ee9b608d1a
SSDEEP

12288:7IqgsJS/YIHYZ7f89ivigEBDhTLPW5twnEXjBsEOmvdjFyQ8nv15Kyf:7Iqgso/YIHYZLmiABLymo2EZdR/w5H

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2288-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2288-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2288-15-0x0000000003230000-0x0000000003542000-memory.dmp	xmrig
behavioral1/memory/2700-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2700-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2700-28-0x00000000031B0000-0x0000000003343000-memory.dmp	xmrig
behavioral1/memory/2700-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2700	d70888a3df2972a85e8280f6e28d50a5.exe

Executes dropped EXE 1 IoCs

pid	Process
2700	d70888a3df2972a85e8280f6e28d50a5.exe

Loads dropped DLL 1 IoCs

pid	Process
2288	d70888a3df2972a85e8280f6e28d50a5.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2288-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012281-10.dat	upx
behavioral1/memory/2700-18-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2288-15-0x0000000003230000-0x0000000003542000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2288	d70888a3df2972a85e8280f6e28d50a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2288	d70888a3df2972a85e8280f6e28d50a5.exe
2700	d70888a3df2972a85e8280f6e28d50a5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2700	2288	d70888a3df2972a85e8280f6e28d50a5.exe	28
PID 2288 wrote to memory of 2700	2288	d70888a3df2972a85e8280f6e28d50a5.exe	28
PID 2288 wrote to memory of 2700	2288	d70888a3df2972a85e8280f6e28d50a5.exe	28
PID 2288 wrote to memory of 2700	2288	d70888a3df2972a85e8280f6e28d50a5.exe	28

C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
"C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
  C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe

Filesize
92KB

MD5
c84bf4265c79048d41ab14b544eca532

SHA1
ead95c8dca60156778f263354d66afa5c2a3907e

SHA256
b1ebc851a9b57f52ce77a1be67d70030ee641dc182ba0e137981b45a4edc14e2

SHA512
1d25d2ebdea04fe8f8a02f8382f9c8ca5fb4bff66fb869f1c7427717b5ac5f97025eaae91584ccd835c55b0e9588aca68d03e0949ec6e7a83e683d487b5992e0

Download Submit
memory/2288-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2288-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2288-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2288-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2288-15-0x0000000003230000-0x0000000003542000-memory.dmp

Filesize
3.1MB

Download
memory/2700-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2700-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2700-20-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2700-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2700-28-0x00000000031B0000-0x0000000003343000-memory.dmp

Filesize
1.6MB

Download
memory/2700-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download