xmrig | 8d27ab85cc30df9aa4b2148490892fe6649ad8b3288c32ce5940a9869748cb72

Analysis

max time kernel
176s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

299f31e52f03753ec60c50da6e3197b2.exe
Size

3.1MB
MD5

299f31e52f03753ec60c50da6e3197b2
SHA1

36cb8144e02fd9a9f9ace7d0689e7de24d93295d
SHA256

8d27ab85cc30df9aa4b2148490892fe6649ad8b3288c32ce5940a9869748cb72
SHA512

76b04b279746111d47012e48d3738db230c2f44b61c14edf14072912b9d9275ba3f41688bf080b8b7fd5cfb58383dade569b7eb127008299b76a7b488bfe4164
SSDEEP

98304:zU1MsiOJqkVu9EEvB19jVnasoqLjkU+nZg4:KMshqE+B19jVjNLoU+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4076-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4076-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4328-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4328-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4328-20-0x0000000005330000-0x00000000054C3000-memory.dmp	xmrig
behavioral2/memory/4328-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/4328-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4328	299f31e52f03753ec60c50da6e3197b2.exe

Executes dropped EXE 1 IoCs

pid	Process
4328	299f31e52f03753ec60c50da6e3197b2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4076-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000002321c-11.dat	upx
behavioral2/memory/4328-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4076	299f31e52f03753ec60c50da6e3197b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4076	299f31e52f03753ec60c50da6e3197b2.exe
4328	299f31e52f03753ec60c50da6e3197b2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4328	4076	299f31e52f03753ec60c50da6e3197b2.exe	92
PID 4076 wrote to memory of 4328	4076	299f31e52f03753ec60c50da6e3197b2.exe	92
PID 4076 wrote to memory of 4328	4076	299f31e52f03753ec60c50da6e3197b2.exe	92

C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
"C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
  C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\299f31e52f03753ec60c50da6e3197b2.exe

Filesize
382KB

MD5
2353bb9b54adc2905191727c0bbbb74f

SHA1
2a7c01da8b65b205246294176b8818621832bb74

SHA256
ac3b0219ec3149100c648a462eda0edeefa1b5ee21340422fa4a3aca3a1138a3

SHA512
ae995cff2aaf70c3a81541da5a2369384b150023582c0fe966556722daabefc772c348221a8f842293e72bb917511e2ced4686054c5c66873bbc66d4fe2ffe67

Download Submit
memory/4076-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4076-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4076-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4076-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4328-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4328-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4328-14-0x0000000001AC0000-0x0000000001B84000-memory.dmp

Filesize
784KB

Download
memory/4328-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4328-20-0x0000000005330000-0x00000000054C3000-memory.dmp

Filesize
1.6MB

Download
memory/4328-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4328-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download