xmrig | b8a073f84c98286d476318ea10703d968de31d562eede622c71e9e7abeaa467d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea62b72024ee0e2022052adc921e04d1.exe
Size

784KB
MD5

ea62b72024ee0e2022052adc921e04d1
SHA1

692808145544f0f93100c96847c627968565482e
SHA256

b8a073f84c98286d476318ea10703d968de31d562eede622c71e9e7abeaa467d
SHA512

4ca583a719f0efce0a3e25f111b1a767bcc1e46467c97961ada0e41f163a8055b9045829cbc5061c6f6fa548fae598e746c39eb3dc03d8b3049105255ffc0c9d
SSDEEP

24576:bqaGzsRvlGrtyPwFhwkwmxPmy7GgkWHw5XM:bM/rqwFhwkwmxPmU7kWO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/3012-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3012-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2252-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2252-25-0x00000000032B0000-0x0000000003443000-memory.dmp	xmrig
behavioral1/memory/2252-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2252-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2252	ea62b72024ee0e2022052adc921e04d1.exe

Executes dropped EXE 1 IoCs

pid	Process
2252	ea62b72024ee0e2022052adc921e04d1.exe

Loads dropped DLL 1 IoCs

pid	Process
3012	ea62b72024ee0e2022052adc921e04d1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000800000001224f-10.dat	upx
behavioral1/memory/3012-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx
behavioral1/files/0x000800000001224f-16.dat	upx
behavioral1/memory/2252-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3012	ea62b72024ee0e2022052adc921e04d1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3012	ea62b72024ee0e2022052adc921e04d1.exe
2252	ea62b72024ee0e2022052adc921e04d1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2252	3012	ea62b72024ee0e2022052adc921e04d1.exe	29
PID 3012 wrote to memory of 2252	3012	ea62b72024ee0e2022052adc921e04d1.exe	29
PID 3012 wrote to memory of 2252	3012	ea62b72024ee0e2022052adc921e04d1.exe	29
PID 3012 wrote to memory of 2252	3012	ea62b72024ee0e2022052adc921e04d1.exe	29

C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe
"C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe
  C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe

Filesize
604KB

MD5
28ae120694df7b96dcfcef8237b34958

SHA1
e2e92c5b6c21e1a940793fd9fd452c86b8480714

SHA256
3670bdf4c6f97e9db8e13f8916459d5de46d63c5159623071574f5c4a821781f

SHA512
dab1432dbe165bf129793f1950a72ed850fd8cf4975e4aee016d3ed8ad387d7409f9e2c8c4cb70929533576754ad95d7d194bab9fe4b4616075719234a1871f3

Download Submit
\Users\Admin\AppData\Local\Temp\ea62b72024ee0e2022052adc921e04d1.exe

Filesize
481KB

MD5
3f510e65932ec99f250b16264ccb621c

SHA1
ab7071f1f33f604587f3fb7e926d9e90827c9deb

SHA256
1b722e3394de993ef243538f5f04d483b9c4c99f4ae081048f8883c2e75abc99

SHA512
a2393de39a6a6d4a51c5c9e1a6ea1483c5be53f0716e27230faf4bc06df066f9327b83cc2cbf23a244c2d331d079daf692a1d4b02345c444926a87ccc499c507

Download Submit
memory/2252-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2252-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2252-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2252-25-0x00000000032B0000-0x0000000003443000-memory.dmp

Filesize
1.6MB

Download
memory/2252-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2252-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3012-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3012-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/3012-1-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/3012-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3012-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download