xmrig | b74750109cd5995f85aafcf03a9beff5ec3fcf9003ba18724808ddef18981c80

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

014fc7ab3c40ff0022297260970db243.exe
Size

1.5MB
MD5

014fc7ab3c40ff0022297260970db243
SHA1

bc1e92e503e6ae388cd48b4bb37c8034728b4363
SHA256

b74750109cd5995f85aafcf03a9beff5ec3fcf9003ba18724808ddef18981c80
SHA512

02f1a7356fe28bdcde7f690df0b13e9a3203f7ec0c0fc6efc8f9fe7baf07cb45d365fad4f78feefd840ead7c2afa2efc7dd342230c37da2c0a7cd94ac80f5ee0
SSDEEP

49152:MuZzsdYY5axZ4q7woGv2YDNQHVx85311CZYwSc:MuZzrkeGv2YDN+P85311CZhSc

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/1420-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2140-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2140-27-0x0000000003090000-0x0000000003223000-memory.dmp	xmrig
behavioral1/memory/2140-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2140-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2140-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1420-15-0x00000000035D0000-0x00000000038E2000-memory.dmp	xmrig
behavioral1/memory/1420-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2140	014fc7ab3c40ff0022297260970db243.exe

Executes dropped EXE 1 IoCs

pid	Process
2140	014fc7ab3c40ff0022297260970db243.exe

Loads dropped DLL 1 IoCs

pid	Process
1420	014fc7ab3c40ff0022297260970db243.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1420-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000015626-10.dat	upx
behavioral1/memory/2140-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1420	014fc7ab3c40ff0022297260970db243.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1420	014fc7ab3c40ff0022297260970db243.exe
2140	014fc7ab3c40ff0022297260970db243.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2140	1420	014fc7ab3c40ff0022297260970db243.exe	18
PID 1420 wrote to memory of 2140	1420	014fc7ab3c40ff0022297260970db243.exe	18
PID 1420 wrote to memory of 2140	1420	014fc7ab3c40ff0022297260970db243.exe	18
PID 1420 wrote to memory of 2140	1420	014fc7ab3c40ff0022297260970db243.exe	18

C:\Users\Admin\AppData\Local\Temp\014fc7ab3c40ff0022297260970db243.exe
"C:\Users\Admin\AppData\Local\Temp\014fc7ab3c40ff0022297260970db243.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\014fc7ab3c40ff0022297260970db243.exe
  C:\Users\Admin\AppData\Local\Temp\014fc7ab3c40ff0022297260970db243.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\014fc7ab3c40ff0022297260970db243.exe

Filesize
381KB

MD5
98f90fbf82e2327891af771ab300b546

SHA1
dd843a1f096984afdeec4c68ddc8af98e91a93a6

SHA256
4da2a708f3c1f1c76e587d4fb6949db2b2a9ddb7016227bc0621a7efe65e2f91

SHA512
b8e9c9d55538cd4a0329218079ce27886cb0ffeb96e56020543b75f827e69e6ab473529f45297a96e71468c1d7064178ec645c9e6e0a84724fdaa5f5ea10f9a9

Download Submit
memory/1420-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1420-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1420-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1420-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1420-15-0x00000000035D0000-0x00000000038E2000-memory.dmp

Filesize
3.1MB

Download
memory/2140-19-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2140-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2140-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2140-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2140-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2140-27-0x0000000003090000-0x0000000003223000-memory.dmp

Filesize
1.6MB

Download
memory/2140-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download