xmrig | 8a92486e4077b245455e5d6a4a0465aac0fa48fb21eacf2ab223276852d387fa

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd74cce85f6cc046eecb8fac37b582bf.exe
Size

784KB
MD5

fd74cce85f6cc046eecb8fac37b582bf
SHA1

9e5ba765b7017e17f2e877ef4674efbbcb13d55f
SHA256

8a92486e4077b245455e5d6a4a0465aac0fa48fb21eacf2ab223276852d387fa
SHA512

1d843aba35d15309e9ac7b0213c9d98e552c23871ed5ce208bd2a0c47260a724a095f2a2dbf85d1066e91799999e6933506b9119278ebfdf2a4bee6ea1064681
SSDEEP

24576:rmNJca/1XplAiGSx2j59RQLyKodWpLYkUSOqf:S71Xpl4fj5gLue8kUSv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1972-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1972-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1404-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1404-24-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/1404-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1404-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1404	fd74cce85f6cc046eecb8fac37b582bf.exe

Executes dropped EXE 1 IoCs

pid	Process
1404	fd74cce85f6cc046eecb8fac37b582bf.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	fd74cce85f6cc046eecb8fac37b582bf.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012261-10.dat	upx
behavioral1/files/0x000a000000012261-16.dat	upx
behavioral1/memory/1404-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/1972-15-0x00000000031F0000-0x0000000003502000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1972	fd74cce85f6cc046eecb8fac37b582bf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1972	fd74cce85f6cc046eecb8fac37b582bf.exe
1404	fd74cce85f6cc046eecb8fac37b582bf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1404	1972	fd74cce85f6cc046eecb8fac37b582bf.exe	19
PID 1972 wrote to memory of 1404	1972	fd74cce85f6cc046eecb8fac37b582bf.exe	19
PID 1972 wrote to memory of 1404	1972	fd74cce85f6cc046eecb8fac37b582bf.exe	19
PID 1972 wrote to memory of 1404	1972	fd74cce85f6cc046eecb8fac37b582bf.exe	19

C:\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe
"C:\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe
  C:\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe

Filesize
250KB

MD5
5b452d4dd7178f4cd615d182b10a960a

SHA1
dc4df9640e63955655075afcde6950e09c47af2b

SHA256
5910824c2260d5ce11ffafe5cae0b4912b8c3a267b5c25e7ff940ee6bc22fde3

SHA512
9226068db7625e8f78898fd013b1b14e87c1145e5427aebec54cb5f5f443dfa2f23a207e1e915867fe77748a6ac8776af0680e1041f036951fbdcfa16ec3e270

Download Submit
\Users\Admin\AppData\Local\Temp\fd74cce85f6cc046eecb8fac37b582bf.exe

Filesize
268KB

MD5
0f1a1f570982ecbbffc75c471ce5d800

SHA1
87007c440647b8ac75ae59c061f29f8a5c7ccc55

SHA256
3c0d7843ab5f3f196026cfd5f54d08b60c8884973e1362fdda792b90f692a44c

SHA512
27779c6be655d685d43108f5c9e5d6c7836bb286ef012b0ab2e2ff2c2716c79c3cdd8b434e43866cdcf87a2139b82ac99ace969ae27023a02c2405e8e6db4cfe

Download Submit
memory/1404-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1404-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1404-19-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/1404-24-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/1404-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1404-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1972-3-0x00000000002C0000-0x0000000000384000-memory.dmp

Filesize
784KB

Download
memory/1972-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1972-15-0x00000000031F0000-0x0000000003502000-memory.dmp

Filesize
3.1MB

Download
memory/1972-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1972-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download