xmrig | 95f2d8d7153e8f0399b17c539dea7ee45f8b58652beb2577e7df75488b676a1e

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 01:02

Target

425edaec6b35b3a12852e136409d42b2.exe
Size

784KB
MD5

425edaec6b35b3a12852e136409d42b2
SHA1

4f7c2c06fb80ab04decaba26d961bd86fefaa20c
SHA256

95f2d8d7153e8f0399b17c539dea7ee45f8b58652beb2577e7df75488b676a1e
SHA512

0c6e5e34819889eb993fd1c2f682c193fe79259cf37fed2fd3039861d615c40ddbfa04b220938d2062bd220e1893a24abfd7b2398636d66d27bbc9ccb76ef211
SSDEEP

12288:OJuWOscseGxPmmaYeJGcoSXO4GaR8oOhBEAod5Mv4pgix2fQ1GHMff7c79z8S:O4DbG0txoSXuThbo8wefQHffw7K

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2172-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2172-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4512-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4512-20-0x0000000005530000-0x00000000056C3000-memory.dmp	xmrig
behavioral2/memory/4512-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4512-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4512	425edaec6b35b3a12852e136409d42b2.exe

Executes dropped EXE 1 IoCs

pid	Process
4512	425edaec6b35b3a12852e136409d42b2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2172-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000300000002272c-11.dat	upx
behavioral2/memory/4512-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2172	425edaec6b35b3a12852e136409d42b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2172	425edaec6b35b3a12852e136409d42b2.exe
4512	425edaec6b35b3a12852e136409d42b2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4512	2172	425edaec6b35b3a12852e136409d42b2.exe	92
PID 2172 wrote to memory of 4512	2172	425edaec6b35b3a12852e136409d42b2.exe	92
PID 2172 wrote to memory of 4512	2172	425edaec6b35b3a12852e136409d42b2.exe	92

C:\Users\Admin\AppData\Local\Temp\425edaec6b35b3a12852e136409d42b2.exe

Filesize
206KB

MD5
92df55e3f92dc753fda5a7b0918ac40d

SHA1
7f7e4e849a8ae3b3397871aef098f09229abc3f2

SHA256
efcddc89fb109482d625f947c5dbb10774b21ca4f36721ced9ef0e3317bb9679

SHA512
0a4467d9b33685f6cca1998a81cbeb0810e5af8f56d5d1d499495382558d141f0bfbd2728058e0d11b05fb4aeab90a19fbb70af75b2f021fcbf297851f9619df

Download Submit
memory/2172-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2172-1-0x00000000019F0000-0x0000000001AB4000-memory.dmp

Filesize
784KB

Download
memory/2172-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2172-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4512-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4512-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4512-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4512-20-0x0000000005530000-0x00000000056C3000-memory.dmp

Filesize
1.6MB

Download
memory/4512-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4512-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download