xmrig | f91c707286162f32ff32f18f29b715dc1c69df4385b8d00eb4c7b348ace6a4ab

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5e65055ed3a749da2e175dba0dc15da.exe
Size

784KB
MD5

f5e65055ed3a749da2e175dba0dc15da
SHA1

f4a326816e30da898bad259e34b23bede896c9f6
SHA256

f91c707286162f32ff32f18f29b715dc1c69df4385b8d00eb4c7b348ace6a4ab
SHA512

3bbb65e84dc2028dc667eed35f1e659eb07994d97865699e88aee662e6540871b2285d1be4b22a92b67844a2c7f2a253babb46021caaf49591d0d0134c7b1c28
SSDEEP

24576:1qHIsODHbtxCCC/h4A4ancWeILWrU1Kh:1Ge3Zgh4ancIT+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2032-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2032-16-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2716-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2716-26-0x0000000003030000-0x00000000031C3000-memory.dmp	xmrig
behavioral1/memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2716-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2716-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2716	f5e65055ed3a749da2e175dba0dc15da.exe

Executes dropped EXE 1 IoCs

pid	Process
2716	f5e65055ed3a749da2e175dba0dc15da.exe

Loads dropped DLL 1 IoCs

pid	Process
2032	f5e65055ed3a749da2e175dba0dc15da.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2032-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000800000001224f-10.dat	upx
behavioral1/files/0x000800000001224f-14.dat	upx
behavioral1/memory/2716-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2032	f5e65055ed3a749da2e175dba0dc15da.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2032	f5e65055ed3a749da2e175dba0dc15da.exe
2716	f5e65055ed3a749da2e175dba0dc15da.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2716	2032	f5e65055ed3a749da2e175dba0dc15da.exe	29
PID 2032 wrote to memory of 2716	2032	f5e65055ed3a749da2e175dba0dc15da.exe	29
PID 2032 wrote to memory of 2716	2032	f5e65055ed3a749da2e175dba0dc15da.exe	29
PID 2032 wrote to memory of 2716	2032	f5e65055ed3a749da2e175dba0dc15da.exe	29

C:\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe
"C:\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe
  C:\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe

Filesize
224KB

MD5
ca25441954e6892bc5cdf8d747882efc

SHA1
f624ff0b457fba6b65870ae76e3328491664e362

SHA256
a5f514acc31d8161f89980e0d696d4bc35f9c9a89f720c08682b5ef88929ec7c

SHA512
d3a71116174517cd956e39a7aa275bec9b583c2e06265a0889eaa9031cef1b1e74469af0840c1ee3fe35ed530304d752388128ec4d098026400b8c3de1ff9ea3

Download Submit
\Users\Admin\AppData\Local\Temp\f5e65055ed3a749da2e175dba0dc15da.exe

Filesize
224KB

MD5
1c15407e5dfae422fa9210cd7a3ed745

SHA1
157f9252275dfc7ac91b2a02151cbbe5ce705e8a

SHA256
57c61b56366d4edf29470b794215e0b98436d92f8cd989db25369d968e02819d

SHA512
a04e01791e19e3cd29a916de15795d33285c42f0614efd69705613871bd3898b1a7868ff157ba981a5ca51544a4782400feb4601e8104a9d75c228de5c11487d

Download Submit
memory/2032-3-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2032-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2032-16-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2032-15-0x00000000031F0000-0x0000000003502000-memory.dmp

Filesize
3.1MB

Download
memory/2032-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2716-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2716-18-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/2716-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2716-26-0x0000000003030000-0x00000000031C3000-memory.dmp

Filesize
1.6MB

Download
memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2716-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2716-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download