xmrig | 75d2d1ae6d7355c1a46cef071205580205d3e5121d476665c2c45eee5cbe8fa8

Analysis

max time kernel
162s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

284a0d9f549bd05a5bcd42c98d0e6e07.exe
Size

784KB
MD5

284a0d9f549bd05a5bcd42c98d0e6e07
SHA1

f9e01d0c320d84bd88f1cf9ae86c145977822b94
SHA256

75d2d1ae6d7355c1a46cef071205580205d3e5121d476665c2c45eee5cbe8fa8
SHA512

211cdf441e213bf79d81a83ffdfc35f64dcc5bdad04e546c4b455c983448f620650495a8f47271bc005fe859a53f067734fa811a2189a6755163334161a6ea4a
SSDEEP

24576:YC8zu48c6CvNXuvCs9FPtvSpvPDrz7VmSxSZFo:Y5F8fCv14CMXv6Xz7IVZC

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2332-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2332-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2008-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2008-20-0x00000000054D0000-0x0000000005663000-memory.dmp	xmrig
behavioral2/memory/2008-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2008-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2008	284a0d9f549bd05a5bcd42c98d0e6e07.exe

Executes dropped EXE 1 IoCs

pid	Process
2008	284a0d9f549bd05a5bcd42c98d0e6e07.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2332-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/2008-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	284a0d9f549bd05a5bcd42c98d0e6e07.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2332	284a0d9f549bd05a5bcd42c98d0e6e07.exe
2008	284a0d9f549bd05a5bcd42c98d0e6e07.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2008	2332	284a0d9f549bd05a5bcd42c98d0e6e07.exe	92
PID 2332 wrote to memory of 2008	2332	284a0d9f549bd05a5bcd42c98d0e6e07.exe	92
PID 2332 wrote to memory of 2008	2332	284a0d9f549bd05a5bcd42c98d0e6e07.exe	92

C:\Users\Admin\AppData\Local\Temp\284a0d9f549bd05a5bcd42c98d0e6e07.exe
"C:\Users\Admin\AppData\Local\Temp\284a0d9f549bd05a5bcd42c98d0e6e07.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\284a0d9f549bd05a5bcd42c98d0e6e07.exe
  C:\Users\Admin\AppData\Local\Temp\284a0d9f549bd05a5bcd42c98d0e6e07.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2008-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2008-16-0x0000000001910000-0x00000000019D4000-memory.dmp

Filesize
784KB

Download
memory/2008-20-0x00000000054D0000-0x0000000005663000-memory.dmp

Filesize
1.6MB

Download
memory/2008-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2008-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2332-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2332-1-0x0000000001A30000-0x0000000001AF4000-memory.dmp

Filesize
784KB

Download
memory/2332-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2332-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download