xmrig | 8d27ab85cc30df9aa4b2148490892fe6649ad8b3288c32ce5940a9869748cb72

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299f31e52f03753ec60c50da6e3197b2.exe
Size

3.1MB
MD5

299f31e52f03753ec60c50da6e3197b2
SHA1

36cb8144e02fd9a9f9ace7d0689e7de24d93295d
SHA256

8d27ab85cc30df9aa4b2148490892fe6649ad8b3288c32ce5940a9869748cb72
SHA512

76b04b279746111d47012e48d3738db230c2f44b61c14edf14072912b9d9275ba3f41688bf080b8b7fd5cfb58383dade569b7eb127008299b76a7b488bfe4164
SSDEEP

98304:zU1MsiOJqkVu9EEvB19jVnasoqLjkU+nZg4:KMshqE+B19jVjNLoU+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2088-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2088-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2688-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2688-24-0x00000000032B0000-0x0000000003443000-memory.dmp	xmrig
behavioral1/memory/2688-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2688-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2688-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2688	299f31e52f03753ec60c50da6e3197b2.exe

Executes dropped EXE 1 IoCs

pid	Process
2688	299f31e52f03753ec60c50da6e3197b2.exe

Loads dropped DLL 1 IoCs

pid	Process
2088	299f31e52f03753ec60c50da6e3197b2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012246-10.dat	upx
behavioral1/memory/2088-14-0x0000000003890000-0x0000000003BA2000-memory.dmp	upx
behavioral1/memory/2688-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2088	299f31e52f03753ec60c50da6e3197b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2088	299f31e52f03753ec60c50da6e3197b2.exe
2688	299f31e52f03753ec60c50da6e3197b2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2688	2088	299f31e52f03753ec60c50da6e3197b2.exe	29
PID 2088 wrote to memory of 2688	2088	299f31e52f03753ec60c50da6e3197b2.exe	29
PID 2088 wrote to memory of 2688	2088	299f31e52f03753ec60c50da6e3197b2.exe	29
PID 2088 wrote to memory of 2688	2088	299f31e52f03753ec60c50da6e3197b2.exe	29

C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
"C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
  C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe

Filesize
784KB

MD5
61a6bb744fcd2ad0774f6f31a3b0dd3b

SHA1
ff479e10a229c94de03c613ed03e9486b5f3a3ca

SHA256
3e27344847e308d71cb9143c4a03554fc9402b0bf57872c164d898dd23c00b25

SHA512
89ce038bc7ed876a2f47020f90c693d08d3b70fb333e5b8b8b209df9e1e98cedd4d2b70c5893684d698781827bbd68e59ccedddc8fe8fe65da0e0d3372d2d3eb

Download Submit
memory/2088-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2088-1-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2088-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2088-14-0x0000000003890000-0x0000000003BA2000-memory.dmp

Filesize
3.1MB

Download
memory/2088-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2688-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2688-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2688-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2688-24-0x00000000032B0000-0x0000000003443000-memory.dmp

Filesize
1.6MB

Download
memory/2688-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2688-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2688-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download