Overview

overview

10

Static

static

7

1235dfd18d...30.exe

windows7-x64

10

1235dfd18d...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 07:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1235dfd18d0f6df36733b1143d1cc330.exe

  • Size

    784KB

  • MD5

    1235dfd18d0f6df36733b1143d1cc330

  • SHA1

    fc96a6910fe660ed53faba402a9bcca2a6bc4578

  • SHA256

    02d6f7fa42b6f272b62c320a2989f938db7f4be91228a3b4eb45e748423b0e29

  • SHA512

    79bfb7826189c05d2688e03969c2db0e9f2ad75d99e248a5256a083f804e5e372a265975f2859cb0f5ab322e6287bb22a1ec3a57a76c7879fdaf242e90147625

  • SSDEEP

    12288:VkWLkT2kMoA/Bfum/8q4+5E8OiyD1rEgnjJald1G1zshb5mZfYT5+7IBRPZO1/RZ:fLki7odg8mE79FLc01zsCGtz2/YB

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
    "C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
      C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2348

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1235dfd18d0f6df36733b1143d1cc330.exe
          Filesize

          784KB

          MD5

          5d24db24078ba380f6fa326a14bdabea

          SHA1

          f192227fee70775187a3fa72a5b365dd24ce50f1

          SHA256

          d5c41512c741732dda76f090ecec9c2d6aa0943d996d0ca28ad00802c2a15427

          SHA512

          4cb9da88a34aeb36e071d1ca163d33de25ae29b3e1bf9afbb0e87941fea5b35a334a94bd049b1bb1c565035ad90d4f7b43ae9796262e03d24733855c0f38d8cb

          Download Submit

        • memory/2348-13-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2348-15-0x0000000001910000-0x00000000019D4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2348-14-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2348-20-0x0000000005450000-0x00000000055E3000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2348-21-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2348-30-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/4976-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4976-1-0x0000000001A30000-0x0000000001AF4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/4976-2-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4976-12-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download