xmrig | 3d65556352a7f947ada33ac9c207746dc9eb6364d737b50284705aa1d258845e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

004073126112d86b7a93c96ea78385fe.exe
Size

784KB
MD5

004073126112d86b7a93c96ea78385fe
SHA1

8ab8443db838eaac0332caa4a683c3aeb3b81224
SHA256

3d65556352a7f947ada33ac9c207746dc9eb6364d737b50284705aa1d258845e
SHA512

da6e9727d73cdfde512a4611697d706f29d80ea8c9988c37169d22f279ed6afb37c29968b1282d5896baea153f9bea4c1482ac5b9afc92c5cf02270f3a9c13bb
SSDEEP

12288:2XyWhpZOEL02AlFFTfyLlmJqBOKmejDYhHciqvgxVzgpw093bfWODJmJn8Rtpl:tKZLgp3wBOHlKDQVzH0lLW+48RPl

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/1936-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2660-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2660-19-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2660-27-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2660-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2660-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1936-16-0x00000000031B0000-0x00000000034C2000-memory.dmp	xmrig
behavioral1/memory/1936-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2660	004073126112d86b7a93c96ea78385fe.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	004073126112d86b7a93c96ea78385fe.exe

Loads dropped DLL 1 IoCs

pid	Process
1936	004073126112d86b7a93c96ea78385fe.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-10.dat	upx
behavioral1/files/0x000b00000001224d-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1936	004073126112d86b7a93c96ea78385fe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1936	004073126112d86b7a93c96ea78385fe.exe
2660	004073126112d86b7a93c96ea78385fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2660	1936	004073126112d86b7a93c96ea78385fe.exe	15
PID 1936 wrote to memory of 2660	1936	004073126112d86b7a93c96ea78385fe.exe	15
PID 1936 wrote to memory of 2660	1936	004073126112d86b7a93c96ea78385fe.exe	15
PID 1936 wrote to memory of 2660	1936	004073126112d86b7a93c96ea78385fe.exe	15

C:\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe
C:\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2660

C:\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe
"C:\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe

Filesize
92KB

MD5
612c6c12ef1a9851526c8d799b032728

SHA1
a53ea007ec7a28f0538948da609e1eb9f4d0402f

SHA256
3298948aa902a91c1d2f88a4b62ba8f6b3f2bf00254c5286706ef92b3449460e

SHA512
ba3c5f5b99422f11253cc46369d185815393f8d9c31b85a10a04513c72ef5495cca6fbab87861707c4c2695464fbfff513fa369adb0cb7cfa1bafd6468fdf120

Download Submit
\Users\Admin\AppData\Local\Temp\004073126112d86b7a93c96ea78385fe.exe

Filesize
63KB

MD5
400371ff848b6c63b778bbf10bf5477f

SHA1
83fcf567b8cbefd405ef8e97672dbccd99e4d6d3

SHA256
050a5a845b77df0143a5a5a1ebd5e018208f7aa8d8213ebf541f51466638a66c

SHA512
4a5c59fcaa12c3624705cab03c8ce60d872545413114a3511e6c9f7d2af88f256fffbede9c8fbbb64db1f201799cd0c134292525487601e5f91726f83df36213

Download Submit
memory/1936-16-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/1936-3-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1936-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1936-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1936-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2660-21-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2660-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2660-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2660-27-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2660-19-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2660-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download