xmrig | bccb727cc1ccbdfbc3b8a1d8a63409381238db23f27a763f7edfcf213e2421ab

Analysis

max time kernel
138s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3828a5ad4542092befc84fdee1586f7c.exe
Size

1.5MB
MD5

3828a5ad4542092befc84fdee1586f7c
SHA1

f3c892f174e4a7ba37cc4e9fe73103e24029b0db
SHA256

bccb727cc1ccbdfbc3b8a1d8a63409381238db23f27a763f7edfcf213e2421ab
SHA512

1e875d5e3d740c414595f4676514dfdd70c887093f5bc884b3b99921046fc3105735691092cb2adf3fac4f1a3a6f60c32fddac5ab3767721ee4ffc8b29e50522
SSDEEP

49152:8D9F7lTrj2Lq9jOtd1iJR1AfPuNOeu1M:8DZD2rti+fPuNOV1M

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2904-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1876-24-0x0000000003110000-0x00000000032A3000-memory.dmp	xmrig
behavioral1/memory/1876-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1876-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1876-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1876-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2904-36-0x00000000035A0000-0x00000000038B2000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1876	3828a5ad4542092befc84fdee1586f7c.exe

Executes dropped EXE 1 IoCs

pid	Process
1876	3828a5ad4542092befc84fdee1586f7c.exe

Loads dropped DLL 1 IoCs

pid	Process
2904	3828a5ad4542092befc84fdee1586f7c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/1876-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2904-16-0x00000000035A0000-0x00000000038B2000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-15.dat	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2904	3828a5ad4542092befc84fdee1586f7c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2904	3828a5ad4542092befc84fdee1586f7c.exe
1876	3828a5ad4542092befc84fdee1586f7c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1876	2904	3828a5ad4542092befc84fdee1586f7c.exe	28
PID 2904 wrote to memory of 1876	2904	3828a5ad4542092befc84fdee1586f7c.exe	28
PID 2904 wrote to memory of 1876	2904	3828a5ad4542092befc84fdee1586f7c.exe	28
PID 2904 wrote to memory of 1876	2904	3828a5ad4542092befc84fdee1586f7c.exe	28

C:\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe
"C:\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe
  C:\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe

Filesize
87KB

MD5
3ff7c99dc2ad021bb7fdf2f61a4f0f4f

SHA1
90fe4ee71d1bcf006fbaf8f73b71f333096c6c0d

SHA256
b815013cbb5ae88bc228bbf9d91ade82493a8c94b634d67929c73cf3509be27c

SHA512
2794b6e761fa34b1498efb670821f7358cbb44778cdacf68d844f21bded6b2e29f41c28997b9d50ff4c58bb3b5a432cd3a9b54ded9ad946b62e573969c9606aa

Download Submit
\Users\Admin\AppData\Local\Temp\3828a5ad4542092befc84fdee1586f7c.exe

Filesize
45KB

MD5
aa0c1440e7e42a6d9cf70eefb3604286

SHA1
d2a9166d2428358e1b1e595b91eb17514ed27610

SHA256
9745bf639da65e317bbff5cf0453a0374230d381992d3049d6283897136fb3de

SHA512
6a6229285e058d850431f2bfada93ca88f409c0e45591d31a8bc51bc16fe38a1e6d0ae6675ec7f243c2cc4db2945a0096de6f786e85b9e9af7b77a06248df3ad

Download Submit
memory/1876-24-0x0000000003110000-0x00000000032A3000-memory.dmp

Filesize
1.6MB

Download
memory/1876-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1876-20-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1876-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1876-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1876-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1876-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2904-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2904-16-0x00000000035A0000-0x00000000038B2000-memory.dmp

Filesize
3.1MB

Download
memory/2904-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2904-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2904-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2904-36-0x00000000035A0000-0x00000000038B2000-memory.dmp

Filesize
3.1MB

Download