xmrig | 14094a54474576922912f9442251d505433de3955801e1c7e06b0ed9e248a037

Analysis

max time kernel
162s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d70888a3df2972a85e8280f6e28d50a5.exe
Size

784KB
MD5

d70888a3df2972a85e8280f6e28d50a5
SHA1

b31cc0df1a99ecdea32b6c9a08534f32efedd31e
SHA256

14094a54474576922912f9442251d505433de3955801e1c7e06b0ed9e248a037
SHA512

7b191d3e90655f3217a50af682aebb3737b2a20a3acf07b085ecc7352ba9c2282217a7b25b9bbfb719bd40b018f479f8c4f39596d03b24f2b39b00ee9b608d1a
SSDEEP

12288:7IqgsJS/YIHYZ7f89ivigEBDhTLPW5twnEXjBsEOmvdjFyQ8nv15Kyf:7Iqgso/YIHYZLmiABLymo2EZdR/w5H

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3424-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3424-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3140-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3140-20-0x00000000053E0000-0x0000000005573000-memory.dmp	xmrig
behavioral2/memory/3140-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3140-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3140	d70888a3df2972a85e8280f6e28d50a5.exe

Executes dropped EXE 1 IoCs

pid	Process
3140	d70888a3df2972a85e8280f6e28d50a5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3424-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023237-11.dat	upx
behavioral2/memory/3140-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3424	d70888a3df2972a85e8280f6e28d50a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3424	d70888a3df2972a85e8280f6e28d50a5.exe
3140	d70888a3df2972a85e8280f6e28d50a5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 3140	3424	d70888a3df2972a85e8280f6e28d50a5.exe	91
PID 3424 wrote to memory of 3140	3424	d70888a3df2972a85e8280f6e28d50a5.exe	91
PID 3424 wrote to memory of 3140	3424	d70888a3df2972a85e8280f6e28d50a5.exe	91

C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
"C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
  C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d70888a3df2972a85e8280f6e28d50a5.exe

Filesize
784KB

MD5
8c46d8ab939369e27e5bd79d85f11606

SHA1
0018ac29a617c14888d88559942ba6eaa87a60ca

SHA256
2e739307bb37c32e6fb5dd8b4dcc310d2e25266c02008842634d50f245d88df4

SHA512
d472178a45f5b77f4eaae1539c248f18983b7887a2ace0e265b93460a9bbca9a4f2a046a95aaf5db62de7e1a367041651c921ac593527e8844354568f663d30e

Download Submit
memory/3140-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3140-15-0x00000000019F0000-0x0000000001AB4000-memory.dmp

Filesize
784KB

Download
memory/3140-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3140-20-0x00000000053E0000-0x0000000005573000-memory.dmp

Filesize
1.6MB

Download
memory/3140-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3140-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3424-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3424-1-0x0000000001A70000-0x0000000001B34000-memory.dmp

Filesize
784KB

Download
memory/3424-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3424-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download