xmrig | 03b98d0f5ac74f2cc761db1c34fb36c88f2e026769459eea0b9b9d3ea8312ff9

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fad9fbf89d7103f7c2c1d58011ec094.exe
Size

1.5MB
MD5

0fad9fbf89d7103f7c2c1d58011ec094
SHA1

c4d3a84075af1416a94e43d15df8eb92b4a7ceba
SHA256

03b98d0f5ac74f2cc761db1c34fb36c88f2e026769459eea0b9b9d3ea8312ff9
SHA512

6691e8cd33bfc3adc8da209a0aa87995a43777597c07a7783c043cac17d0914b231eea0a84a729f573454fc5a36619c4d2013739008998622ff00839976b305a
SSDEEP

24576:hp3dpf1YHlKMnMlg1wqCIHzZKQfZakPJWPoUrB3A9n4YWmgeX04MXx2kSMvsWAOz:dsHl7SqCuflc5+M5eE4Mgk8O

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4880-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4880-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2956-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2956-21-0x00000000054B0000-0x0000000005643000-memory.dmp	xmrig
behavioral2/memory/2956-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2956-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2956	0fad9fbf89d7103f7c2c1d58011ec094.exe

Executes dropped EXE 1 IoCs

pid	Process
2956	0fad9fbf89d7103f7c2c1d58011ec094.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4880-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/2956-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000f000000023164-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4880	0fad9fbf89d7103f7c2c1d58011ec094.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4880	0fad9fbf89d7103f7c2c1d58011ec094.exe
2956	0fad9fbf89d7103f7c2c1d58011ec094.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 2956	4880	0fad9fbf89d7103f7c2c1d58011ec094.exe	94
PID 4880 wrote to memory of 2956	4880	0fad9fbf89d7103f7c2c1d58011ec094.exe	94
PID 4880 wrote to memory of 2956	4880	0fad9fbf89d7103f7c2c1d58011ec094.exe	94

C:\Users\Admin\AppData\Local\Temp\0fad9fbf89d7103f7c2c1d58011ec094.exe
"C:\Users\Admin\AppData\Local\Temp\0fad9fbf89d7103f7c2c1d58011ec094.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Users\Admin\AppData\Local\Temp\0fad9fbf89d7103f7c2c1d58011ec094.exe
  C:\Users\Admin\AppData\Local\Temp\0fad9fbf89d7103f7c2c1d58011ec094.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0fad9fbf89d7103f7c2c1d58011ec094.exe

Filesize
92KB

MD5
981dc6acf55899cf9e8da3e509c478be

SHA1
fc77bca0107aa87152e01d35a0a5a9dcdef017d4

SHA256
ecd6d4db83f9a37784035a24fb3550773a0fa4ac15333b8f03535d294e804fd2

SHA512
2e72b30b8933eb319568afe80434415c6c8b6fc0f8018d789836524b7de0e7e5ddebfeb259ce2009b5da8d6522ccad8470987ff1f4ab9c960109569f09b444b4

Download Submit
memory/2956-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2956-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2956-14-0x0000000001920000-0x00000000019E4000-memory.dmp

Filesize
784KB

Download
memory/2956-21-0x00000000054B0000-0x0000000005643000-memory.dmp

Filesize
1.6MB

Download
memory/2956-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2956-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4880-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4880-1-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/4880-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4880-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download