xmrig | 72409b0ab912becf69ce938620aef301f6339002043c38a0adef7d05345ba551

Analysis

max time kernel
150s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28bde079fb4a3cabf6e6e08b52219368.exe
Size

784KB
MD5

28bde079fb4a3cabf6e6e08b52219368
SHA1

54003507048364f97b32a5189fb5e690a70c407b
SHA256

72409b0ab912becf69ce938620aef301f6339002043c38a0adef7d05345ba551
SHA512

ee9a9a3c330fc2e757e6054e470282b777aeeee7c9608a781b61db45032de05fd362bd78f000d7f66b1380050ea7bc7f38ff0f82cc214bd16022e95c7a05688c
SSDEEP

24576:dygF637fyeqGUxN+05w5MMFPX1QtGC+rPlkskeE3ypYo:a7qUUtOq9yWo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1932-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1932-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4856-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4856-20-0x00000000053B0000-0x0000000005543000-memory.dmp	xmrig
behavioral2/memory/4856-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4856-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4856	28bde079fb4a3cabf6e6e08b52219368.exe

Executes dropped EXE 1 IoCs

pid	Process
4856	28bde079fb4a3cabf6e6e08b52219368.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1932-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023121-11.dat	upx
behavioral2/memory/4856-12-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1932	28bde079fb4a3cabf6e6e08b52219368.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1932	28bde079fb4a3cabf6e6e08b52219368.exe
4856	28bde079fb4a3cabf6e6e08b52219368.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 4856	1932	28bde079fb4a3cabf6e6e08b52219368.exe	90
PID 1932 wrote to memory of 4856	1932	28bde079fb4a3cabf6e6e08b52219368.exe	90
PID 1932 wrote to memory of 4856	1932	28bde079fb4a3cabf6e6e08b52219368.exe	90

C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
"C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
  C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\28bde079fb4a3cabf6e6e08b52219368.exe

Filesize
784KB

MD5
01f1de2eaef2c3bf10ad5b5bc3f2b57c

SHA1
4ac6ea23656a7d908dfc65011ccf083c709072b6

SHA256
d0199196459f952911e04f9bbbd5a8329647fcf547d9ae6dd699847def16d825

SHA512
f70582500c7dbcf046679ad453701530611947398e3ae1af3cb342878689efb6daafcc671c2ea6c14e45eea8ccb2eb59ecb0aaad98d64c67123330689c4b5e71

Download Submit
memory/1932-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1932-1-0x00000000019D0000-0x0000000001A94000-memory.dmp

Filesize
784KB

Download
memory/1932-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1932-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4856-12-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4856-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4856-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4856-20-0x00000000053B0000-0x0000000005543000-memory.dmp

Filesize
1.6MB

Download
memory/4856-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4856-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download