xmrig | 953f78c3b738eb69fdd671acc51d6ade46a7256fdf5bf0843413e4bd3a9f7c6a

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

071a56231a23291212c9e246867b0219.exe
Size

784KB
MD5

071a56231a23291212c9e246867b0219
SHA1

b49fd8d951cd35ca710d3e1e33cc250458755a77
SHA256

953f78c3b738eb69fdd671acc51d6ade46a7256fdf5bf0843413e4bd3a9f7c6a
SHA512

1e95eb68ccffcb88bc5461016b54079a9e80edf7f8667dcaf33ebf0419873bd7078e63946589c5c6a1bbcd4cd7b592b258c63cb58104977cf4bc2a64fd54b681
SSDEEP

24576:0ZNf5n1U/lxt1TyTjtsAyygasAnSYjas+nS:K14rt8T0yVFjas+S

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/1864-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1864-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3736-21-0x0000000005320000-0x00000000054B3000-memory.dmp	xmrig
behavioral2/memory/3736-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3736-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3736-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3736-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3736	071a56231a23291212c9e246867b0219.exe

Executes dropped EXE 1 IoCs

pid	Process
3736	071a56231a23291212c9e246867b0219.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1864-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/3736-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1864	071a56231a23291212c9e246867b0219.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1864	071a56231a23291212c9e246867b0219.exe
3736	071a56231a23291212c9e246867b0219.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 3736	1864	071a56231a23291212c9e246867b0219.exe	24
PID 1864 wrote to memory of 3736	1864	071a56231a23291212c9e246867b0219.exe	24
PID 1864 wrote to memory of 3736	1864	071a56231a23291212c9e246867b0219.exe	24

C:\Users\Admin\AppData\Local\Temp\071a56231a23291212c9e246867b0219.exe
"C:\Users\Admin\AppData\Local\Temp\071a56231a23291212c9e246867b0219.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Users\Admin\AppData\Local\Temp\071a56231a23291212c9e246867b0219.exe
  C:\Users\Admin\AppData\Local\Temp\071a56231a23291212c9e246867b0219.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\071a56231a23291212c9e246867b0219.exe

Filesize
45KB

MD5
ca6fb2c49c593c5c2ae57740b047b565

SHA1
8df0ea171d23137606d4758f49249eb8dcda580d

SHA256
e964d3da6e377876b775c279282a07946189e9599f49c7190a5100a13f5dbfee

SHA512
455765ada3c60d1eb52fada44b3e568702ff3d206552984b219adcdafbfce91cd616e386551b93dfec4e8d4baacf630b2ede03eae3b30d78ddde5b7b216a5337

Download Submit
memory/1864-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1864-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1864-1-0x00000000019C0000-0x0000000001A84000-memory.dmp

Filesize
784KB

Download
memory/1864-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3736-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3736-21-0x0000000005320000-0x00000000054B3000-memory.dmp

Filesize
1.6MB

Download
memory/3736-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3736-15-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/3736-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3736-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3736-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download