xmrig | 217a9d7e56e2344dd38065b2a77d97d23edecf6b41e4c31f00f3e63f0fc7c9d3

Analysis

max time kernel
159s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

238845ad06ee30ba45c2750339fa14a0.exe
Size

784KB
MD5

238845ad06ee30ba45c2750339fa14a0
SHA1

3fa3994252c68edcd51e7981ec16c785c996bb4c
SHA256

217a9d7e56e2344dd38065b2a77d97d23edecf6b41e4c31f00f3e63f0fc7c9d3
SHA512

181e01c0ef54e47020c45b9da62dd83bed0b35690af0f59e82d9134d1dcf80380f97d53f63b58900db24f18bc91101f7e5d7afdb5b53037eef2fee9ef9d87754
SSDEEP

24576:RktK+Q+4tGMMHTpuNrNGsImH4EL1Vee8fwhU:kr8GMwp6rYmHlfd2

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2772-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2772-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3948-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3948-20-0x0000000005490000-0x0000000005623000-memory.dmp	xmrig
behavioral2/memory/3948-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3948-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3948	238845ad06ee30ba45c2750339fa14a0.exe

Executes dropped EXE 1 IoCs

pid	Process
3948	238845ad06ee30ba45c2750339fa14a0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2772-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000001e0ce-11.dat	upx
behavioral2/memory/3948-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2772	238845ad06ee30ba45c2750339fa14a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2772	238845ad06ee30ba45c2750339fa14a0.exe
3948	238845ad06ee30ba45c2750339fa14a0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 3948	2772	238845ad06ee30ba45c2750339fa14a0.exe	93
PID 2772 wrote to memory of 3948	2772	238845ad06ee30ba45c2750339fa14a0.exe	93
PID 2772 wrote to memory of 3948	2772	238845ad06ee30ba45c2750339fa14a0.exe	93

C:\Users\Admin\AppData\Local\Temp\238845ad06ee30ba45c2750339fa14a0.exe
"C:\Users\Admin\AppData\Local\Temp\238845ad06ee30ba45c2750339fa14a0.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\238845ad06ee30ba45c2750339fa14a0.exe
  C:\Users\Admin\AppData\Local\Temp\238845ad06ee30ba45c2750339fa14a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\238845ad06ee30ba45c2750339fa14a0.exe

Filesize
784KB

MD5
b287b6c81c01fce0fd932ba4b284e9fa

SHA1
4d279ae662e78ac280ae5082741b655503e7071a

SHA256
3dec33828fdd7b6f37d3e79d81fa6afc2cc50e9fd54510e3bde014b17eaf6f36

SHA512
49bb266b6a7c78c4cfa33ce49e40159e74a8114633e72ab13246a125207afc89bfd0809562a9631995199c2ba8dbd069827d86fb557e060aada2802f52be17f8

Download Submit
memory/2772-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2772-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2772-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2772-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3948-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3948-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3948-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3948-20-0x0000000005490000-0x0000000005623000-memory.dmp

Filesize
1.6MB

Download
memory/3948-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3948-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download