xmrig | 02d6f7fa42b6f272b62c320a2989f938db7f4be91228a3b4eb45e748423b0e29

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1235dfd18d0f6df36733b1143d1cc330.exe
Size

784KB
MD5

1235dfd18d0f6df36733b1143d1cc330
SHA1

fc96a6910fe660ed53faba402a9bcca2a6bc4578
SHA256

02d6f7fa42b6f272b62c320a2989f938db7f4be91228a3b4eb45e748423b0e29
SHA512

79bfb7826189c05d2688e03969c2db0e9f2ad75d99e248a5256a083f804e5e372a265975f2859cb0f5ab322e6287bb22a1ec3a57a76c7879fdaf242e90147625
SSDEEP

12288:VkWLkT2kMoA/Bfum/8q4+5E8OiyD1rEgnjJald1G1zshb5mZfYT5+7IBRPZO1/RZ:fLki7odg8mE79FLc01zsCGtz2/YB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2652-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2652-25-0x0000000003200000-0x0000000003393000-memory.dmp	xmrig
behavioral1/memory/2652-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2652-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2652	1235dfd18d0f6df36733b1143d1cc330.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	1235dfd18d0f6df36733b1143d1cc330.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	1235dfd18d0f6df36733b1143d1cc330.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012232-10.dat	upx
behavioral1/memory/1636-15-0x0000000003100000-0x0000000003412000-memory.dmp	upx
behavioral1/memory/2652-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	1235dfd18d0f6df36733b1143d1cc330.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1636	1235dfd18d0f6df36733b1143d1cc330.exe
2652	1235dfd18d0f6df36733b1143d1cc330.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2652	1636	1235dfd18d0f6df36733b1143d1cc330.exe	29
PID 1636 wrote to memory of 2652	1636	1235dfd18d0f6df36733b1143d1cc330.exe	29
PID 1636 wrote to memory of 2652	1636	1235dfd18d0f6df36733b1143d1cc330.exe	29
PID 1636 wrote to memory of 2652	1636	1235dfd18d0f6df36733b1143d1cc330.exe	29

C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
"C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
  C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe

Filesize
784KB

MD5
89822613e93063eba332369b656f77f7

SHA1
c3233214ecc52013e2bce5fbb88db6bc41b5ef44

SHA256
76e7700cb6cbc84fd1eef74ace6b73061e26ef15dcdbf2f5e866708a38d756ed

SHA512
25911d4cc3975d8371a5366bbbc25a092dd2340118eb4de4501524c40fade1d670312d4cc12bd5a86f5c502dea9390d0b05db8d12b6ccbc1a3ecdea402efba3e

Download Submit
memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1636-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-15-0x0000000003100000-0x0000000003412000-memory.dmp

Filesize
3.1MB

Download
memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2652-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2652-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2652-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2652-25-0x0000000003200000-0x0000000003393000-memory.dmp

Filesize
1.6MB

Download
memory/2652-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2652-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download