xmrig | b6d80ed493487fcf4801f4e1087b54ed618e195e3d968ec8fcee6d2c4faac10a

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a6bd8248c77c755443ff72beb8d7caf.exe
Size

784KB
MD5

2a6bd8248c77c755443ff72beb8d7caf
SHA1

9e0b8f521a512d9f2c0a371bfc0427aeadb8a89d
SHA256

b6d80ed493487fcf4801f4e1087b54ed618e195e3d968ec8fcee6d2c4faac10a
SHA512

0a06622c68e79272ba0343d6957cf5b49814d4aa37560329f1cbfeec94f256724939738c20477c9876f25efc4ce08b6686a922a6a93221d358e2e0fc3bbf4a8f
SSDEEP

12288:LB16Cp19VnIvyaxz/KgejIvbpSgH4/19i0MIvp9z4fxbp6Pifg+aCs5NCxFM:tUCeyO2gQIjsgHEzi0MIvjKI5YM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/284-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/284-15-0x0000000003110000-0x0000000003422000-memory.dmp	xmrig
behavioral1/memory/284-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2060-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2060-24-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2060-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2060-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2060	2a6bd8248c77c755443ff72beb8d7caf.exe

Executes dropped EXE 1 IoCs

pid	Process
2060	2a6bd8248c77c755443ff72beb8d7caf.exe

Loads dropped DLL 1 IoCs

pid	Process
284	2a6bd8248c77c755443ff72beb8d7caf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/284-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012255-10.dat	upx
behavioral1/files/0x000b000000012255-16.dat	upx
behavioral1/memory/2060-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
284	2a6bd8248c77c755443ff72beb8d7caf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
284	2a6bd8248c77c755443ff72beb8d7caf.exe
2060	2a6bd8248c77c755443ff72beb8d7caf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 284 wrote to memory of 2060	284	2a6bd8248c77c755443ff72beb8d7caf.exe	29
PID 284 wrote to memory of 2060	284	2a6bd8248c77c755443ff72beb8d7caf.exe	29
PID 284 wrote to memory of 2060	284	2a6bd8248c77c755443ff72beb8d7caf.exe	29
PID 284 wrote to memory of 2060	284	2a6bd8248c77c755443ff72beb8d7caf.exe	29

C:\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe
"C:\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:284
- C:\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe
  C:\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe

Filesize
260KB

MD5
689dc5e10305844d77befd482c02bb88

SHA1
d0e8dc683ed331281c4ee631db2cf1656d0238db

SHA256
654fd177e155b51898daa056dc6c5d95e8047e1d50f847284241398edaae5a26

SHA512
fc5ea74152e12f24df6480ce113a7522351400d89e004bbea21110ce3a5d2467a725a652ae7aa912b918561df6b538d580542ea6498db2c7ffab0fa45b499ff7

Download Submit
\Users\Admin\AppData\Local\Temp\2a6bd8248c77c755443ff72beb8d7caf.exe

Filesize
359KB

MD5
04a207bfce7f2bd139b5b086e9aea755

SHA1
82aa995fbaadd305ac54d7b825c0e98b0fe8ea6b

SHA256
c160bc6a29d97d69300a2d0548871e4ec904fd5c0f17f6f12b98acf65ff2a71b

SHA512
87e7bdb6449281c0e6ca55d6327a2e734bd9c7e1f04b763b4894496138399544bf95c5a92a106658119dea518947d6f5679ad7a6d988dbf3c3d5aa9b1546364b

Download Submit
memory/284-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/284-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/284-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/284-15-0x0000000003110000-0x0000000003422000-memory.dmp

Filesize
3.1MB

Download
memory/284-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2060-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2060-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2060-18-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2060-24-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2060-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2060-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download