xmrig | 795d95ccf668382cebe44c73ceb39bcf0285dc577ac5fc2c7594e158f14d7715

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d58b5be841021bc38c629f2dd621aea.exe
Size

784KB
MD5

3d58b5be841021bc38c629f2dd621aea
SHA1

3c41d309b54e60590172610848f648299689b2bf
SHA256

795d95ccf668382cebe44c73ceb39bcf0285dc577ac5fc2c7594e158f14d7715
SHA512

75fd619db7e4cb299be74f309f7f87d3d9743d5e4333e78358839a505f2f690c83de1ec4c88a44cca4afa65a4afcadded287cb9dc442e172e639c5f400fcfec1
SSDEEP

12288:SJjIx7U/q+cDDp53IdTrlnhA0uXUd9k8az4qRz66enCmvRin93skD3:Sqd+wtUlhJuXkLqRz6ugY95

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2336-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2336-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2688-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2688-24-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2688-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2688-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2688	3d58b5be841021bc38c629f2dd621aea.exe

Executes dropped EXE 1 IoCs

pid	Process
2688	3d58b5be841021bc38c629f2dd621aea.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	3d58b5be841021bc38c629f2dd621aea.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2336-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012238-10.dat	upx
behavioral1/memory/2336-15-0x0000000003210000-0x0000000003522000-memory.dmp	upx
behavioral1/memory/2688-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2336	3d58b5be841021bc38c629f2dd621aea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2336	3d58b5be841021bc38c629f2dd621aea.exe
2688	3d58b5be841021bc38c629f2dd621aea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2688	2336	3d58b5be841021bc38c629f2dd621aea.exe	29
PID 2336 wrote to memory of 2688	2336	3d58b5be841021bc38c629f2dd621aea.exe	29
PID 2336 wrote to memory of 2688	2336	3d58b5be841021bc38c629f2dd621aea.exe	29
PID 2336 wrote to memory of 2688	2336	3d58b5be841021bc38c629f2dd621aea.exe	29

C:\Users\Admin\AppData\Local\Temp\3d58b5be841021bc38c629f2dd621aea.exe
"C:\Users\Admin\AppData\Local\Temp\3d58b5be841021bc38c629f2dd621aea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\3d58b5be841021bc38c629f2dd621aea.exe
  C:\Users\Admin\AppData\Local\Temp\3d58b5be841021bc38c629f2dd621aea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3d58b5be841021bc38c629f2dd621aea.exe

Filesize
784KB

MD5
4cb3fcb7a7dbad696d0bd8e13ef052cb

SHA1
acaa3f6a103f5ccf0ed0a8f55c32075aee49ce25

SHA256
b59b3745114bca6999b687b6c4761468f874615521126462dc0b9e10db3e8f79

SHA512
2dc048443485bc47c283aedd21f39edccbaffe3a7b6739fe8ae3b661c2990c228e393c7c14e7500bb69a0b79ab936286d68944a8929690a90763c67b880f152e

Download Submit
memory/2336-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2336-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2336-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2336-15-0x0000000003210000-0x0000000003522000-memory.dmp

Filesize
3.1MB

Download
memory/2336-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2688-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2688-18-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2688-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2688-24-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2688-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2688-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download