xmrig | 72409b0ab912becf69ce938620aef301f6339002043c38a0adef7d05345ba551

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28bde079fb4a3cabf6e6e08b52219368.exe
Size

784KB
MD5

28bde079fb4a3cabf6e6e08b52219368
SHA1

54003507048364f97b32a5189fb5e690a70c407b
SHA256

72409b0ab912becf69ce938620aef301f6339002043c38a0adef7d05345ba551
SHA512

ee9a9a3c330fc2e757e6054e470282b777aeeee7c9608a781b61db45032de05fd362bd78f000d7f66b1380050ea7bc7f38ff0f82cc214bd16022e95c7a05688c
SSDEEP

24576:dygF637fyeqGUxN+05w5MMFPX1QtGC+rPlkskeE3ypYo:a7qUUtOq9yWo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2236-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2156-26-0x0000000003030000-0x00000000031C3000-memory.dmp	xmrig
behavioral1/memory/2156-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2156-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2236-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2156-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2156-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2156	28bde079fb4a3cabf6e6e08b52219368.exe

Executes dropped EXE 1 IoCs

pid	Process
2156	28bde079fb4a3cabf6e6e08b52219368.exe

Loads dropped DLL 1 IoCs

pid	Process
2236	28bde079fb4a3cabf6e6e08b52219368.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012262-10.dat	upx
behavioral1/files/0x0009000000012262-16.dat	upx
behavioral1/memory/2156-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2236-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2236	28bde079fb4a3cabf6e6e08b52219368.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2236	28bde079fb4a3cabf6e6e08b52219368.exe
2156	28bde079fb4a3cabf6e6e08b52219368.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2156	2236	28bde079fb4a3cabf6e6e08b52219368.exe	29
PID 2236 wrote to memory of 2156	2236	28bde079fb4a3cabf6e6e08b52219368.exe	29
PID 2236 wrote to memory of 2156	2236	28bde079fb4a3cabf6e6e08b52219368.exe	29
PID 2236 wrote to memory of 2156	2236	28bde079fb4a3cabf6e6e08b52219368.exe	29

C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
"C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
  C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe

Filesize
521KB

MD5
d125ae7ff256cd415b6d4c63505a8a82

SHA1
d9a21de5c276c643e7bfbbcf9fc79b2ed76b6ff0

SHA256
2d10860ab67af4fc5684fb7da7842bb2db30dde1e295b9100c2428c43d67bd69

SHA512
00a751209c657c676886443e1c72b11ac8be319ec20da9f6600e008815d2d8f67935c060cff45033e0b4331d0789143bb0afd7bfa5e9a770570c925550d2ed3d

Download Submit
memory/2156-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2156-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2156-19-0x00000000002C0000-0x0000000000384000-memory.dmp

Filesize
784KB

Download
memory/2156-26-0x0000000003030000-0x00000000031C3000-memory.dmp

Filesize
1.6MB

Download
memory/2156-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2156-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2156-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2236-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2236-2-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2236-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2236-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2236-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download