xmrig | 7a857685cded1b5cf2b2af871175416b94e1190522999936162727b39de836d6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed692283d1e3f293d945d526deaf89d2.exe
Size

3.1MB
MD5

ed692283d1e3f293d945d526deaf89d2
SHA1

b27b8d4d33ad43243e2a2e104c28caedeb2c71e9
SHA256

7a857685cded1b5cf2b2af871175416b94e1190522999936162727b39de836d6
SHA512

3f7fd9a7d8c87f0a6321c82f36ffe69b0fd2cf804e109768547bbc7553e486bccdd9981d271eb3997f2570e34a399e7471a322298c03dd4e0cf584a73aac996c
SSDEEP

49152:nS3WQAjauu8LU6EubDKxi+FQmTgHtkcjLbsZCdsh0ZZPk0wv612:S3WXfG6Euaxi+FQkcQ0U07T2

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2588-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2588-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1712-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1712-21-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/1712-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1712-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1712	ed692283d1e3f293d945d526deaf89d2.exe

Executes dropped EXE 1 IoCs

pid	Process
1712	ed692283d1e3f293d945d526deaf89d2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2588-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/1712-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000e00000002314b-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2588	ed692283d1e3f293d945d526deaf89d2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2588	ed692283d1e3f293d945d526deaf89d2.exe
1712	ed692283d1e3f293d945d526deaf89d2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 1712	2588	ed692283d1e3f293d945d526deaf89d2.exe	90
PID 2588 wrote to memory of 1712	2588	ed692283d1e3f293d945d526deaf89d2.exe	90
PID 2588 wrote to memory of 1712	2588	ed692283d1e3f293d945d526deaf89d2.exe	90

C:\Users\Admin\AppData\Local\Temp\ed692283d1e3f293d945d526deaf89d2.exe
"C:\Users\Admin\AppData\Local\Temp\ed692283d1e3f293d945d526deaf89d2.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\ed692283d1e3f293d945d526deaf89d2.exe
  C:\Users\Admin\AppData\Local\Temp\ed692283d1e3f293d945d526deaf89d2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ed692283d1e3f293d945d526deaf89d2.exe

Filesize
354KB

MD5
ecaec5d2880c6fa20860c0e2d4aa25e5

SHA1
2f4f52754bf5ecb472931877b1abffa0994bd94c

SHA256
f2f74fca8fd291cdbd2a05f39407fda89caa407e5b1fcf3e88d5c9b200538e4f

SHA512
5c49f2c4fdad536c4c5c59474aaa07cf698a2f308f4b36530188791216d27dfafeb363dd7ce41ed6252a43f37e034e35c4cfc75b10447953176cc1e025fd77cb

Download Submit
memory/1712-14-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/1712-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1712-21-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/1712-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1712-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1712-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2588-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2588-1-0x0000000001AA0000-0x0000000001B64000-memory.dmp

Filesize
784KB

Download
memory/2588-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2588-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download