xmrig | 6a8b620c325c0c6a5c4722902d21be14aafcd387652b97861256ee92c5445733

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01d61d7b1ad969a101aa9428be70b2d6.exe
Size

784KB
MD5

01d61d7b1ad969a101aa9428be70b2d6
SHA1

441718102cbc591455d099344c003b827c5bb7aa
SHA256

6a8b620c325c0c6a5c4722902d21be14aafcd387652b97861256ee92c5445733
SHA512

2f3ffc0f9073dc3300c98993814138b94f18668b8bef15edcd4b4a159eba06f8cec2646cb3479b37842bbdc7750141d75c93636f32d607d852c7c9f9610b707d
SSDEEP

12288:7SxahmdcpfRDrZIVz8sMuq3wbM+IQMvkoArpnNc+IgK/Iz0CeKer7:7CanxRPZ3uq3wbMvfAr1LeEkKe

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1492-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1484-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1492-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1484-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1484-20-0x00000000053A0000-0x0000000005533000-memory.dmp	xmrig
behavioral2/memory/1484-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1484	01d61d7b1ad969a101aa9428be70b2d6.exe

Executes dropped EXE 1 IoCs

pid	Process
1484	01d61d7b1ad969a101aa9428be70b2d6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1492-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/1484-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023209-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1492	01d61d7b1ad969a101aa9428be70b2d6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1492	01d61d7b1ad969a101aa9428be70b2d6.exe
1484	01d61d7b1ad969a101aa9428be70b2d6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1484	1492	01d61d7b1ad969a101aa9428be70b2d6.exe	24
PID 1492 wrote to memory of 1484	1492	01d61d7b1ad969a101aa9428be70b2d6.exe	24
PID 1492 wrote to memory of 1484	1492	01d61d7b1ad969a101aa9428be70b2d6.exe	24

C:\Users\Admin\AppData\Local\Temp\01d61d7b1ad969a101aa9428be70b2d6.exe
"C:\Users\Admin\AppData\Local\Temp\01d61d7b1ad969a101aa9428be70b2d6.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\01d61d7b1ad969a101aa9428be70b2d6.exe
  C:\Users\Admin\AppData\Local\Temp\01d61d7b1ad969a101aa9428be70b2d6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\01d61d7b1ad969a101aa9428be70b2d6.exe

Filesize
784KB

MD5
568be40d6387df710cfa1613370af412

SHA1
6cd7cf1b1101a77717c31cb7164be18b9164b324

SHA256
3838bff50aec559c775f032eef3e9f11aca331c995e9c7b9925adf783b7cc960

SHA512
d779bb1f1e0b7b8800bf43ed41be6ac76bd39a0f30b49ad3bb1182243356c8470aa0e014f8b560fb16d671cdd79ca284c556c101551103fac632a9ed688ed59a

Download Submit
memory/1484-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1484-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1484-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1484-20-0x00000000053A0000-0x0000000005533000-memory.dmp

Filesize
1.6MB

Download
memory/1484-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1484-16-0x00000000019B0000-0x0000000001A74000-memory.dmp

Filesize
784KB

Download
memory/1492-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1492-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1492-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1492-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download