Overview

overview

10

Static

static

7

e8b3bbba37...c9.exe

windows7-x64

10

e8b3bbba37...c9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    166s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8b3bbba3767ebd6bc7ad6b304e34dc9.exe

  • Size

    784KB

  • MD5

    e8b3bbba3767ebd6bc7ad6b304e34dc9

  • SHA1

    9222b0bbd9656f2632df2f06ee9043abcfaafd9e

  • SHA256

    b9612531528fb52adcb67dd2b2371e95881e7f4922296460baf69174a08660ab

  • SHA512

    ce91f74c1039811c69362df57222a6529721bec6b5c8fedbab76ad3c23f0200fb8fb18e0c25ae6adc50b75a786f92e7f4ac7e47d3068d7a9545843ab8f779708

  • SSDEEP

    24576:Y1PWe3ujJO5Bgy6BIXAZqmi5QHgFvlyNs3vxTqbi:Y1+BOUvGYnHAFtYs3vkb

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8b3bbba3767ebd6bc7ad6b304e34dc9.exe
    "C:\Users\Admin\AppData\Local\Temp\e8b3bbba3767ebd6bc7ad6b304e34dc9.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Users\Admin\AppData\Local\Temp\e8b3bbba3767ebd6bc7ad6b304e34dc9.exe
      C:\Users\Admin\AppData\Local\Temp\e8b3bbba3767ebd6bc7ad6b304e34dc9.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e8b3bbba3767ebd6bc7ad6b304e34dc9.exe
    Filesize

    92KB

    MD5

    7ede02c739f63590d0efbda896bf8874

    SHA1

    b61abb65008c1018923843c1793a7281862f2a02

    SHA256

    b66b26c4c8bc176e33c78c4412aff8d03c53816c95472049be6876ab21fd2db3

    SHA512

    403ea5b4475adf9e4c05e6aafd874cc1b1ac0dd16b4db755dc36dfc34e5f34681aaa571f55015c9c49ab8feb2d72562de32a7b31e2ccf2e7de4a4ff801478e43

    Download Submit

  • memory/3264-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3264-15-0x0000000001720000-0x00000000017E4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/3264-21-0x0000000005420000-0x00000000055B3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3264-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3264-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3264-30-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4292-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4292-1-0x0000000001AA0000-0x0000000001B64000-memory.dmp

    Filesize

    784KB

    Download

  • memory/4292-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4292-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download