xmrig | 97bd130856eea367f0fb8548f0ac19694cfa9d737dc059614ab6236469757d74

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39dc9ad769d1be292efd2f3400c49669.exe
Size

784KB
MD5

39dc9ad769d1be292efd2f3400c49669
SHA1

407171f0f2d32ec861fa23d29e2b9b8ffe4cd646
SHA256

97bd130856eea367f0fb8548f0ac19694cfa9d737dc059614ab6236469757d74
SHA512

6f65a459f5544621c850cf231a933c2a587a201b28c66897ed4b7f8dc81983e8812671e95c42e0371919d218139337137b120b63b058c33d6a597358dfc32ddd
SSDEEP

24576:xK7yldNitoINTd6V9jCZ4cP8AzY2CAQnrCS4:xK7K/t8A+4aAAg54

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2652-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2652-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1816-26-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/1816-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1816-33-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1816-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1816	39dc9ad769d1be292efd2f3400c49669.exe

Executes dropped EXE 1 IoCs

pid	Process
1816	39dc9ad769d1be292efd2f3400c49669.exe

Loads dropped DLL 1 IoCs

pid	Process
2652	39dc9ad769d1be292efd2f3400c49669.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2652-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/1816-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c00000001233b-14.dat	upx
behavioral1/files/0x000c00000001233b-13.dat	upx
behavioral1/files/0x000c00000001233b-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2652	39dc9ad769d1be292efd2f3400c49669.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2652	39dc9ad769d1be292efd2f3400c49669.exe
1816	39dc9ad769d1be292efd2f3400c49669.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 1816	2652	39dc9ad769d1be292efd2f3400c49669.exe	29
PID 2652 wrote to memory of 1816	2652	39dc9ad769d1be292efd2f3400c49669.exe	29
PID 2652 wrote to memory of 1816	2652	39dc9ad769d1be292efd2f3400c49669.exe	29
PID 2652 wrote to memory of 1816	2652	39dc9ad769d1be292efd2f3400c49669.exe	29

C:\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe
"C:\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe
  C:\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe

Filesize
3KB

MD5
06063eb93d548b1096f4c3778a9f1781

SHA1
45fe5aaf533b71a18d80f6f8f53b27b16b5d6c4e

SHA256
ceab87e25078ccdd5871c3a75a8ebb588348c5df1daa5a71d302abb0f2def208

SHA512
27c6f5fb74f00dfcd7806bb6e923301510ec09d3e8e94ad530fc7f5c679cb7ba03df1fc2195d38d8d371f062df9c2a892857f377c526cc842478dfaf5c558b7b

Download Submit
\Users\Admin\AppData\Local\Temp\39dc9ad769d1be292efd2f3400c49669.exe

Filesize
381KB

MD5
0e7acd178240b913be37414303274c7f

SHA1
fb99eca010c12f25a4b2c92dc82bd5320cf61837

SHA256
5502ca57d7faf5e344c6c255b6749d103fa6b9d8e699b06de95b5728e52427c5

SHA512
aebc01d58697fee4ab09393662e32eb0646f272507d0d3e5b0beb94e2f29ef8eb1651c5757150578504744abff28a66b37da6ef5fe4f6e9f360f808a22a65500

Download Submit
memory/1816-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1816-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1816-18-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1816-26-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/1816-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1816-33-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2652-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2652-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2652-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2652-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download