Overview

overview

10

Static

static

7

3c98c294f7...62.exe

windows7-x64

10

3c98c294f7...62.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 10:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3c98c294f7c32bc2281c315e1d163f62.exe

  • Size

    784KB

  • MD5

    3c98c294f7c32bc2281c315e1d163f62

  • SHA1

    1f6618debc61d4d5c833f82399be4c17318ad58d

  • SHA256

    a24e67442a41dce596d1607626956fbae1daf9cecc040077d56fcf891d411b03

  • SHA512

    4b5ccfcc2295db95369830a331fb3623bd908ec38760b8d45a65495e29e0af8eef4e155ae3cd2116ec6f15e2ba88617be6fb3c7b5f20b158b6c3f421fcb67744

  • SSDEEP

    24576:1X8yzlTSeHGAuT1uk/vpMnZ5IUvdCTHa253ReS668y:+yzlOeHGAQ4MY5LvdKae4368

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 8 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c98c294f7c32bc2281c315e1d163f62.exe
    "C:\Users\Admin\AppData\Local\Temp\3c98c294f7c32bc2281c315e1d163f62.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\3c98c294f7c32bc2281c315e1d163f62.exe
      C:\Users\Admin\AppData\Local\Temp\3c98c294f7c32bc2281c315e1d163f62.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2776

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\3c98c294f7c32bc2281c315e1d163f62.exe
          Filesize

          784KB

          MD5

          a638d47ba778f43a999463a55d581581

          SHA1

          21b2b9e43d73c81991108a41072d8d145944aa14

          SHA256

          cbdcfc102461b48258b0c413500ba13ef4800fe2aff8a232303af2b0ecba99b7

          SHA512

          bc0570c447f38063fde58cd314cd52917996a9d3f73aaa5fc1d928f5e07e0129ed78904d9d1d9de56aa7b4ff49920b6965ae6dedf9b7b74a314c75978b0d00aa

          Download Submit

        • memory/2760-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2760-2-0x00000000002C0000-0x0000000000384000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2760-1-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2760-15-0x00000000031F0000-0x0000000003502000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2760-14-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2776-17-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2776-19-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2776-18-0x0000000000120000-0x00000000001E4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2776-25-0x0000000003130000-0x00000000032C3000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2776-24-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2776-34-0x00000000005A0000-0x000000000071F000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2776-35-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download