xmrig | d31bf642ea31d1fc78181abd01dfa6648a9f78ac0d1f1ca2e3a0a43fb54dae3e

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ede067539cc4e65568186a5e7fc1578.exe
Size

784KB
MD5

0ede067539cc4e65568186a5e7fc1578
SHA1

423bc567c0d77d101a8191cd0589b1dd250feee5
SHA256

d31bf642ea31d1fc78181abd01dfa6648a9f78ac0d1f1ca2e3a0a43fb54dae3e
SHA512

a78e28262ae344942e680612d5f78b3e1fa2ccf6ff0e83b7c915002dd2ce5ec88452a6ff526570a276154b41383064ddeccca5930ab026db6e259d7de7621197
SSDEEP

12288:VtGTAc6slaAlOtdL7WxOo0vh/W3VJX/1dPmj0MTH0RMweCAwCvdtfSTzI4jjgC:Xcva/R5KvKYowCvdtfSPIC

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/1712-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1712-15-0x0000000003120000-0x0000000003432000-memory.dmp	xmrig
behavioral1/memory/2388-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2388-25-0x0000000003230000-0x00000000033C3000-memory.dmp	xmrig
behavioral1/memory/2388-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2388-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2388-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1712-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2388	0ede067539cc4e65568186a5e7fc1578.exe

Executes dropped EXE 1 IoCs

pid	Process
2388	0ede067539cc4e65568186a5e7fc1578.exe

Loads dropped DLL 1 IoCs

pid	Process
1712	0ede067539cc4e65568186a5e7fc1578.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000014120-10.dat	upx
behavioral1/memory/2388-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1712	0ede067539cc4e65568186a5e7fc1578.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1712	0ede067539cc4e65568186a5e7fc1578.exe
2388	0ede067539cc4e65568186a5e7fc1578.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2388	1712	0ede067539cc4e65568186a5e7fc1578.exe	29
PID 1712 wrote to memory of 2388	1712	0ede067539cc4e65568186a5e7fc1578.exe	29
PID 1712 wrote to memory of 2388	1712	0ede067539cc4e65568186a5e7fc1578.exe	29
PID 1712 wrote to memory of 2388	1712	0ede067539cc4e65568186a5e7fc1578.exe	29

C:\Users\Admin\AppData\Local\Temp\0ede067539cc4e65568186a5e7fc1578.exe
"C:\Users\Admin\AppData\Local\Temp\0ede067539cc4e65568186a5e7fc1578.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\0ede067539cc4e65568186a5e7fc1578.exe
  C:\Users\Admin\AppData\Local\Temp\0ede067539cc4e65568186a5e7fc1578.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\0ede067539cc4e65568186a5e7fc1578.exe

Filesize
784KB

MD5
7b90cd242befe7b2edc4f4b69d9d9b67

SHA1
07debdc0124a7184bdd96757008ce59281569418

SHA256
6e59fe9d2d02825e708461295fed7d9442e73b8dbc832dbeaadf043296bd3c65

SHA512
8e290ea4bcfd74076c4065a0001b4979878289916922878c3d0410d7566328afa398742dff25ca6e55354a9be53432250adbbb301c84d84209f737256d5d465f

Download Submit
memory/1712-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1712-2-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/1712-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1712-15-0x0000000003120000-0x0000000003432000-memory.dmp

Filesize
3.1MB

Download
memory/1712-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-25-0x0000000003230000-0x00000000033C3000-memory.dmp

Filesize
1.6MB

Download
memory/2388-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2388-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2388-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2388-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2388-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download