xmrig | eb7541b78ac01427b8837e69721e55fb6b90b96ae749e3fb65daf6c7fd2ba4f8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f41ca1c3626acb7b6c20fa4518d9357a.exe
Size

1.5MB
MD5

f41ca1c3626acb7b6c20fa4518d9357a
SHA1

b84f2db0672692f62e11e01446e2db80bb452692
SHA256

eb7541b78ac01427b8837e69721e55fb6b90b96ae749e3fb65daf6c7fd2ba4f8
SHA512

75c158e7373fc0cf92c3978ef70621e789814bff7f9ff64ec3172b6f18e04c87f7d22f3d9e78fac075e6ca13f77636df76188c9ceaa129e741662bacdf71f071
SSDEEP

49152:YvJi5gYhZ0gAf3js3P22fN5jWOka21LWPe0:YJkgubajs3P1FmVW1

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3628-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3628-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2244-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2244-20-0x0000000005580000-0x0000000005713000-memory.dmp	xmrig
behavioral2/memory/2244-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2244-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2244	f41ca1c3626acb7b6c20fa4518d9357a.exe

Executes dropped EXE 1 IoCs

pid	Process
2244	f41ca1c3626acb7b6c20fa4518d9357a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3628-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000002322d-11.dat	upx
behavioral2/memory/2244-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3628	f41ca1c3626acb7b6c20fa4518d9357a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3628	f41ca1c3626acb7b6c20fa4518d9357a.exe
2244	f41ca1c3626acb7b6c20fa4518d9357a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 2244	3628	f41ca1c3626acb7b6c20fa4518d9357a.exe	91
PID 3628 wrote to memory of 2244	3628	f41ca1c3626acb7b6c20fa4518d9357a.exe	91
PID 3628 wrote to memory of 2244	3628	f41ca1c3626acb7b6c20fa4518d9357a.exe	91

C:\Users\Admin\AppData\Local\Temp\f41ca1c3626acb7b6c20fa4518d9357a.exe
"C:\Users\Admin\AppData\Local\Temp\f41ca1c3626acb7b6c20fa4518d9357a.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Users\Admin\AppData\Local\Temp\f41ca1c3626acb7b6c20fa4518d9357a.exe
  C:\Users\Admin\AppData\Local\Temp\f41ca1c3626acb7b6c20fa4518d9357a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f41ca1c3626acb7b6c20fa4518d9357a.exe

Filesize
404KB

MD5
c07046896feb9b0b7b904dd0ee5feff9

SHA1
50a8d3743927a75a44d2de7ffeb69fe43bbe1b75

SHA256
f37de949ba9edd0fb665c9b0b38c3782095bbff39f24e0abb25c069a8981d4a0

SHA512
0a6f2247b6d629daae2cf52dee7755305ae19e604d6d4cbf19d7056b65868078c3343ef8be6a3978b33cf0c372e4bf7b94703fc7714ce03b594e2da722171f18

Download Submit
memory/2244-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2244-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2244-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2244-20-0x0000000005580000-0x0000000005713000-memory.dmp

Filesize
1.6MB

Download
memory/2244-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2244-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3628-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3628-1-0x0000000001AC0000-0x0000000001B84000-memory.dmp

Filesize
784KB

Download
memory/3628-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3628-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download