xmrig | f151ee1bb49dc41caa67ebf1de7fffa4983ace0cecbc72821bdf84d3c2511739

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15b4ba4337ff35cbfd2023548e9f76c1.exe
Size

1.5MB
MD5

15b4ba4337ff35cbfd2023548e9f76c1
SHA1

a30fbbc550a8c3b9980c94db9582ec271b0610ab
SHA256

f151ee1bb49dc41caa67ebf1de7fffa4983ace0cecbc72821bdf84d3c2511739
SHA512

a33e72c2991770f145187cf2609777590be439810a264007d9263bee1c129951e00d372b97e1e9237e3ab78db7c56af12b0ba6c63540cb28935bf36b2c589bd0
SSDEEP

24576:PvewBRJ/rylu0hxza9e1GX0WolaDMpxKAgx2xTF41iP4ifgYocqsDw37wSiBbaho:new9ryU0O9sy0WDMWN444dNUOxaaiU

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2392-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2392-15-0x00000000034B0000-0x00000000037C2000-memory.dmp	xmrig
behavioral1/memory/2392-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2136-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2136-24-0x0000000002FE0000-0x0000000003173000-memory.dmp	xmrig
behavioral1/memory/2136-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2136-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2136-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2136	15b4ba4337ff35cbfd2023548e9f76c1.exe

Executes dropped EXE 1 IoCs

pid	Process
2136	15b4ba4337ff35cbfd2023548e9f76c1.exe

Loads dropped DLL 1 IoCs

pid	Process
2392	15b4ba4337ff35cbfd2023548e9f76c1.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012247-10.dat	upx
behavioral1/files/0x0009000000012247-16.dat	upx
behavioral1/memory/2136-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2392	15b4ba4337ff35cbfd2023548e9f76c1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2392	15b4ba4337ff35cbfd2023548e9f76c1.exe
2136	15b4ba4337ff35cbfd2023548e9f76c1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2136	2392	15b4ba4337ff35cbfd2023548e9f76c1.exe	29
PID 2392 wrote to memory of 2136	2392	15b4ba4337ff35cbfd2023548e9f76c1.exe	29
PID 2392 wrote to memory of 2136	2392	15b4ba4337ff35cbfd2023548e9f76c1.exe	29
PID 2392 wrote to memory of 2136	2392	15b4ba4337ff35cbfd2023548e9f76c1.exe	29

C:\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe
"C:\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe
  C:\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe

Filesize
78KB

MD5
901243526efc9e4a0581fb4118929562

SHA1
ab367f18b583b8602dd1786232e868446fd93d39

SHA256
51ff6e0cb198bef93ab635ffb7fe0156472a476aaa0437cd9a84d397824618f9

SHA512
b0f67f8db493326a971372ad1d475aae760249924e0bd988660127d53cb99bc4b93118cc740a7182e8c3a790db45e4fe4ff337aab1a1c3007920215ca9cb9a7f

Download Submit
\Users\Admin\AppData\Local\Temp\15b4ba4337ff35cbfd2023548e9f76c1.exe

Filesize
262KB

MD5
356becee65da0dfeff21e728a4f155eb

SHA1
45b8704d307bb7f000fed447ff335dbac7358e1e

SHA256
77f525b91ec84ac9ae08a943504e66dd5419d6bdef3e34b7ed48b37a9c98884a

SHA512
979fdcaa7b1fd8a4bf3eefc219203c9c1470c9139084a5b8a80c3344818713a66268ba3c9c842b0d0aab78413f0e9760070f6731effc2e634c492b1af2340271

Download Submit
memory/2136-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2136-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2136-19-0x0000000000300000-0x00000000003C4000-memory.dmp

Filesize
784KB

Download
memory/2136-24-0x0000000002FE0000-0x0000000003173000-memory.dmp

Filesize
1.6MB

Download
memory/2136-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2136-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2136-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2392-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2392-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2392-15-0x00000000034B0000-0x00000000037C2000-memory.dmp

Filesize
3.1MB

Download
memory/2392-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2392-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2392-36-0x00000000034B0000-0x00000000037C2000-memory.dmp

Filesize
3.1MB

Download