xmrig | 4ead3f756dc22db9c01cbbd9a79f7ceaedc25c7631725d560235262a01344d3c

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe
Size

784KB
MD5

234cf8a9f3f5bbbd6fabd5c3bcf406a7
SHA1

ff19aaf0afac17d427d8d24d6e01fd3270e59689
SHA256

4ead3f756dc22db9c01cbbd9a79f7ceaedc25c7631725d560235262a01344d3c
SHA512

408de86c5399fd0fd190773cca690a09f6e6c05b4b778836bbc3c852706e13e50bebd630ac73abf7b57719c9add7358b7ed010443b649fc9bdb2ddbe13d0d4ac
SSDEEP

24576:BDTv1qL/S1fldMa4PqLPpBBGZNFTJL+lx1:51qL/Y14ePAZNFTY71

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2952-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2356-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2356-26-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2356-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2356-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2952-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2356	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

Executes dropped EXE 1 IoCs

pid	Process
2356	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

Loads dropped DLL 1 IoCs

pid	Process
2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000013a1a-10.dat	upx
behavioral1/memory/2952-15-0x00000000031B0000-0x00000000034C2000-memory.dmp	upx
behavioral1/memory/2356-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe
2356	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2356	2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe	15
PID 2952 wrote to memory of 2356	2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe	15
PID 2952 wrote to memory of 2356	2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe	15
PID 2952 wrote to memory of 2356	2952	234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe	15

C:\Users\Admin\AppData\Local\Temp\234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe
C:\Users\Admin\AppData\Local\Temp\234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2356

C:\Users\Admin\AppData\Local\Temp\234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe
"C:\Users\Admin\AppData\Local\Temp\234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\234cf8a9f3f5bbbd6fabd5c3bcf406a7.exe

Filesize
382KB

MD5
7fe7287ad1c22773011758cd13e209fc

SHA1
326f36afdbd2ec03c4889daadaa62d8d3d66505a

SHA256
8de1dc12da6a55372e156dc6e3ef9bfa31d843fbe4b110a9772490a87f884e03

SHA512
ce5dc315776345239af96444886e53dd8fbf247aef936c39cb30c19ce4b9bbce51a18a3226ae8fc204479dbf293fbc3d63a3503ff704167f92a20d52db238c8a

Download Submit
memory/2356-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2356-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2356-26-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2356-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2356-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2356-20-0x0000000000310000-0x00000000003D4000-memory.dmp

Filesize
784KB

Download
memory/2952-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2952-15-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/2952-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2952-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2952-4-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2952-35-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download