xmrig | a3d32f60fa8cedea56cedc85bc5cb8355d79b899d7f4e6f6f2a0c35e174f0721

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7dd9070a4c40a95c80b171f9f170923.exe
Size

784KB
MD5

f7dd9070a4c40a95c80b171f9f170923
SHA1

f2835ee7a29f590fb662770a9dd3f874de7ac8da
SHA256

a3d32f60fa8cedea56cedc85bc5cb8355d79b899d7f4e6f6f2a0c35e174f0721
SHA512

f67e5ffaf9562fa39aff3011104fcfe684a8bc78d7d9d9e64931b767ec89c6c559818a68b6647bbfbd3249bf1200eee8e29198ebde01d40fd07e2e1774b3599d
SSDEEP

12288:7IqgsJS/YIHYZ7f89ivigEBDhTLPW5twnEXjBsEOmvdjFyQ8nv15Kyf:7Iqgso/YIHYZLmiABLymo2EZdR/w5H

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2040-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2040-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2376-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2376-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2376-25-0x0000000003230000-0x00000000033C3000-memory.dmp	xmrig
behavioral1/memory/2376-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2376-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2376	f7dd9070a4c40a95c80b171f9f170923.exe

Executes dropped EXE 1 IoCs

pid	Process
2376	f7dd9070a4c40a95c80b171f9f170923.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	f7dd9070a4c40a95c80b171f9f170923.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000015d1a-14.dat	upx
behavioral1/memory/2376-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000015d1a-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2040	f7dd9070a4c40a95c80b171f9f170923.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2040	f7dd9070a4c40a95c80b171f9f170923.exe
2376	f7dd9070a4c40a95c80b171f9f170923.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2376	2040	f7dd9070a4c40a95c80b171f9f170923.exe	17
PID 2040 wrote to memory of 2376	2040	f7dd9070a4c40a95c80b171f9f170923.exe	17
PID 2040 wrote to memory of 2376	2040	f7dd9070a4c40a95c80b171f9f170923.exe	17
PID 2040 wrote to memory of 2376	2040	f7dd9070a4c40a95c80b171f9f170923.exe	17

C:\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe
C:\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2376

C:\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe
"C:\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe

Filesize
156KB

MD5
2dbf3fee7a79c073d55ab7c15eda573c

SHA1
430b1151bbbf90a2e5aa6586d56872e81238b09b

SHA256
af5406e54b816994aecea694ed6ed21ce482c639121b69b6aa0ddb5dc19d72a9

SHA512
8fe272844429b558a675785fb61879f328b52cf463542c5f30cadbd3bef5666658a12d724f216d90dd0d13a4cf419859a069e70d770bd2bf81a0e0eff82041d6

Download Submit
\Users\Admin\AppData\Local\Temp\f7dd9070a4c40a95c80b171f9f170923.exe

Filesize
134KB

MD5
1a1501ef2a4cd6cf648c49e23f23b2a1

SHA1
409729cc168fc336a30117af9cf006eed961762c

SHA256
9363d4af221736ea3f61419170fa9c513cd4b591b1e7da0a4301f289b374f14a

SHA512
4f4ce4f94818cba6af91416bfdbce10ee429967b6a11a21934d3123136ece5cc9d9097067e40c09c3f075d93a0611fdc786eb86c1fedb0473f5592faf87351e9

Download Submit
memory/2040-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2040-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2040-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2040-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2376-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2376-25-0x0000000003230000-0x00000000033C3000-memory.dmp

Filesize
1.6MB

Download
memory/2376-17-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2376-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2376-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2376-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2376-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download