xmrig | 31f0531f3d3a9b0a4b3c405cca434c532b3be71675c04d8580c81712b4c11dba

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

114db0775592ad5b6f570c3925e95a4c.exe
Size

784KB
MD5

114db0775592ad5b6f570c3925e95a4c
SHA1

6fa89c3f345007bf07a12b743b10e7e3120f5667
SHA256

31f0531f3d3a9b0a4b3c405cca434c532b3be71675c04d8580c81712b4c11dba
SHA512

6922157ab0e7429d798cde936af13f98deaa1715c0348d727a09059fd4b64f0a4fe44938bd8252ab99a2b9aba281fd854597aec86d4f1fd9159170783a76b102
SSDEEP

24576:u4VPDiiEDuWsnlw9gVeDjh8Pg1gXcII24Lqfr:rPual0+eD4jDI6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1928-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1928-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2112-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2112-25-0x0000000002FD0000-0x0000000003163000-memory.dmp	xmrig
behavioral1/memory/2112-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2112-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2112-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2112	114db0775592ad5b6f570c3925e95a4c.exe

Executes dropped EXE 1 IoCs

pid	Process
2112	114db0775592ad5b6f570c3925e95a4c.exe

Loads dropped DLL 1 IoCs

pid	Process
1928	114db0775592ad5b6f570c3925e95a4c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012234-14.dat	upx
behavioral1/files/0x000b000000012234-10.dat	upx
behavioral1/memory/2112-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1928	114db0775592ad5b6f570c3925e95a4c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1928	114db0775592ad5b6f570c3925e95a4c.exe
2112	114db0775592ad5b6f570c3925e95a4c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2112	1928	114db0775592ad5b6f570c3925e95a4c.exe	19
PID 1928 wrote to memory of 2112	1928	114db0775592ad5b6f570c3925e95a4c.exe	19
PID 1928 wrote to memory of 2112	1928	114db0775592ad5b6f570c3925e95a4c.exe	19
PID 1928 wrote to memory of 2112	1928	114db0775592ad5b6f570c3925e95a4c.exe	19

C:\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe
"C:\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe
  C:\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe

Filesize
381KB

MD5
a4bee83516e6904f36ed228c402c235d

SHA1
1a6a939e43b2b04f82196e2a71d45f656720ad88

SHA256
15d9b21a44826c83746c588ef23ed20fc5ab51aa7718b9498f07ed2aaf79e128

SHA512
92f646a16b870c79e18e2adcb1296e3ef78768dc7c8425a1447bdcce937ac0a8acde4731198879e818f0454a63e3036300967b256abf10a35182d757313e3805

Download Submit
\Users\Admin\AppData\Local\Temp\114db0775592ad5b6f570c3925e95a4c.exe

Filesize
93KB

MD5
3425efe43820e8d9ebe40ca5646d10e0

SHA1
fefac13ab8f2c45289698ec0cec75035999f1a80

SHA256
640b64ade754a66c4a9d100836d957ddac65536fd1b86a2c14c60fdd4f132ba6

SHA512
b79d8fc953479c118782ceeabb0dc62582c2cd5bd1121fb9930ba8bd58cfe2f0e71fae13beb6590067a55ed468d8e1a4cb16fc6bfe494c6752d8f7f8fc20df19

Download Submit
memory/1928-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1928-2-0x00000000002C0000-0x0000000000384000-memory.dmp

Filesize
784KB

Download
memory/1928-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1928-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2112-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2112-18-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2112-25-0x0000000002FD0000-0x0000000003163000-memory.dmp

Filesize
1.6MB

Download
memory/2112-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2112-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2112-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2112-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download