xmrig | 3edac19339146fe67257125062b29708e2cddca8f0860a178129b3d2138646d2

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:28

Target

f041da7e6192b372c0ccb73ad7df98eb.exe
Size

784KB
MD5

f041da7e6192b372c0ccb73ad7df98eb
SHA1

5dc16abdddc1e6ac721eae4c84e6b325c5f1eeb4
SHA256

3edac19339146fe67257125062b29708e2cddca8f0860a178129b3d2138646d2
SHA512

4ea3e46f19f02469386f7262eba12c4c6f430b004b7f9aeebfd9310b286da830e2febad3f50d58064fc976001f35cdefe4931f7e29eef326c7c22456e1e02236
SSDEEP

24576:zoDDzdh/HW9POkH8IcOLBKwGXqi4Fk6SgwO:0zd9HCOkH8c4au6SF

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4292-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4292-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2104-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2104-20-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/2104-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2104-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2104	f041da7e6192b372c0ccb73ad7df98eb.exe

Executes dropped EXE 1 IoCs

pid	Process
2104	f041da7e6192b372c0ccb73ad7df98eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4292-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023233-11.dat	upx
behavioral2/memory/2104-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4292	f041da7e6192b372c0ccb73ad7df98eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4292	f041da7e6192b372c0ccb73ad7df98eb.exe
2104	f041da7e6192b372c0ccb73ad7df98eb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 2104	4292	f041da7e6192b372c0ccb73ad7df98eb.exe	91
PID 4292 wrote to memory of 2104	4292	f041da7e6192b372c0ccb73ad7df98eb.exe	91
PID 4292 wrote to memory of 2104	4292	f041da7e6192b372c0ccb73ad7df98eb.exe	91

C:\Users\Admin\AppData\Local\Temp\f041da7e6192b372c0ccb73ad7df98eb.exe

Filesize
784KB

MD5
824523c2b314e9225ecf320754f2ffca

SHA1
f3f150ce8f29fcda4d992cf09e5db4b62f493735

SHA256
4385f2984588f894f9ad83ffdad04e2d7933eb9e97e13ae8f4e1e557ce220677

SHA512
f79f7e3f82885b04a66c9cb63ab7ba4d51094458c884c1480221701d94424aa0ec12cb6c8817ba6f176dc17a8e56ef2f964884dddce09aae971a1cba713e5fc4

Download Submit
memory/2104-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2104-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2104-15-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/2104-20-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/2104-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2104-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4292-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4292-1-0x0000000001A90000-0x0000000001B54000-memory.dmp

Filesize
784KB

Download
memory/4292-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4292-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download