xmrig | db0771b0b88851e7530cdb811cf8f3490eaa936256d5cc9ece3cae32af198034

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b65b0417acaaca43ace1c0bc689a99.exe
Size

784KB
MD5

23b65b0417acaaca43ace1c0bc689a99
SHA1

a1803cabe3da716308cdd59d5dbe238e5709afb5
SHA256

db0771b0b88851e7530cdb811cf8f3490eaa936256d5cc9ece3cae32af198034
SHA512

0f4092a2ea316b577dd7e7222857b6d6a81beaba5b42d6737461f893f009b64a2d9f17e21926ce29b16906ce7c7ceee09f2f287c8e3ad0ede24ca959d8f04b12
SSDEEP

24576:0uMtFVAjkdL+PoWNEqHUQxVXOGNFX/Vx:qtXnaPo6xdnjD

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2896-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2896-15-0x0000000003170000-0x0000000003482000-memory.dmp	xmrig
behavioral1/memory/3040-26-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/3040-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3040-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3040-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2896-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3040	23b65b0417acaaca43ace1c0bc689a99.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	23b65b0417acaaca43ace1c0bc689a99.exe

Loads dropped DLL 1 IoCs

pid	Process
2896	23b65b0417acaaca43ace1c0bc689a99.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2896-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/3040-18-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012251-16.dat	upx
behavioral1/files/0x000c000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2896	23b65b0417acaaca43ace1c0bc689a99.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2896	23b65b0417acaaca43ace1c0bc689a99.exe
3040	23b65b0417acaaca43ace1c0bc689a99.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 3040	2896	23b65b0417acaaca43ace1c0bc689a99.exe	15
PID 2896 wrote to memory of 3040	2896	23b65b0417acaaca43ace1c0bc689a99.exe	15
PID 2896 wrote to memory of 3040	2896	23b65b0417acaaca43ace1c0bc689a99.exe	15
PID 2896 wrote to memory of 3040	2896	23b65b0417acaaca43ace1c0bc689a99.exe	15

C:\Users\Admin\AppData\Local\Temp\23b65b0417acaaca43ace1c0bc689a99.exe
C:\Users\Admin\AppData\Local\Temp\23b65b0417acaaca43ace1c0bc689a99.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3040

C:\Users\Admin\AppData\Local\Temp\23b65b0417acaaca43ace1c0bc689a99.exe
"C:\Users\Admin\AppData\Local\Temp\23b65b0417acaaca43ace1c0bc689a99.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\23b65b0417acaaca43ace1c0bc689a99.exe

Filesize
20KB

MD5
d505b79f7af2ee6140bad4b40f43ef1b

SHA1
411f12d1a6f18430bf2c2e10a45013c74b30c6b5

SHA256
3609266da23eeebdcf9092b499905fad7ccdc0ec21197b6a174705be8a202c30

SHA512
36cffb3c569966da83a355f6c698f5484c2d1f4413a3755e67e94802f12524ed62b4b55e197fba858564949cae38a98ff4949705c50589d5c50075d95d800183

Download Submit
memory/2896-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2896-15-0x0000000003170000-0x0000000003482000-memory.dmp

Filesize
3.1MB

Download
memory/2896-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2896-35-0x0000000003170000-0x0000000003482000-memory.dmp

Filesize
3.1MB

Download
memory/2896-3-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2896-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3040-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3040-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3040-20-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/3040-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3040-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3040-26-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download