Overview

overview

10

Static

static

7

284c5478de...d1.exe

windows7-x64

10

284c5478de...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    284c5478de95dc4de157abc2446bd2d1.exe

  • Size

    1.5MB

  • MD5

    284c5478de95dc4de157abc2446bd2d1

  • SHA1

    b8e00fe6df15fa04b10b39629cef8dc0490e1853

  • SHA256

    d8cf3e5e1d2cb33c924ca5e76754ea3f4a11c9357e0fa09c146680b84873fac7

  • SHA512

    bf2abfb9aca02463cfda5580aefea67be3a0ee75d52389cbd9fb277245a7f3fde83f0602653f8de4e897fdb775a663f38ee07eeb54aa110292778eec44088f31

  • SSDEEP

    24576:nmYF1poZJD/4zf3zJGpqO0dZPqplZaZpOFmQlBDB72HoUX+wo7aEsyoWtdWYwNq+:pF2/4MqRdcplZ+OIGvdwomEsy5PQCY

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe
    "C:\Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe
      C:\Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe
    Filesize

    92KB

    MD5

    69e71610570669778d7648f3d35ca305

    SHA1

    2484dcfef9942497eb9c1cf34f9f0cb7e08f412a

    SHA256

    e8b2f8a766e259fae715e259f47c24701135ee5ad8f3757b4145d7ed5d426c2f

    SHA512

    992e26249731160e630639e3b8fc88163a70464b63e37ffa670d20a105321c2621ba4e6eaba24490424756c4b00e1cf26f43548718c26cb0d4b932f98be2e4d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\284c5478de95dc4de157abc2446bd2d1.exe
    Filesize

    249KB

    MD5

    4e3a0736dbc2021fa76b4c58e64fe276

    SHA1

    7601986a277cde77e73d4e75dc251aec8b1f382d

    SHA256

    94c74efb62b98195c0a1658fefa9cddd5d3501693b4735d73f11720261d6f8da

    SHA512

    1a0cad4d2c4fc46eb1fb6e9ed0bebc2a85dcf61c737262fc868751db96f89619aed61de7f72887e34c29246c98833b708413698eb43e095f3ab737d762cdd63a

    Download Submit

  • memory/1732-15-0x0000000003360000-0x0000000003672000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1732-2-0x0000000000320000-0x00000000003E4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/1732-1-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1732-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1732-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2796-19-0x0000000000120000-0x00000000001E4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2796-34-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2796-24-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2796-18-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2796-25-0x0000000003210000-0x00000000033A3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2796-17-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download