xmrig | dbc5f692d7af311deafaaf0b5dc07430d8eafa94f92cce9bc7514bc1fd5e8525

Analysis

max time kernel
121s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

473d85310f054f043f3741782550854d.exe
Size

784KB
MD5

473d85310f054f043f3741782550854d
SHA1

218ff08e9efb31acedb70ff38b4a48d8a5b9c9f2
SHA256

dbc5f692d7af311deafaaf0b5dc07430d8eafa94f92cce9bc7514bc1fd5e8525
SHA512

84ffe7190eec79f1a161955f9084f6d10bc2c65dbccc035609909e32382411ecee8ddb0ff932e85c77db2c4df6af18975ca1d7c39b5ac436ed2c860c0e84c524
SSDEEP

24576:unH5xjnZoyrcm7a9FnX2Xrht6gR3BxKff6jd4:uZJnZoccm7aqXP6EYi4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2772-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2772-24-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2772-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2772-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2772-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2772	473d85310f054f043f3741782550854d.exe

Executes dropped EXE 1 IoCs

pid	Process
2772	473d85310f054f043f3741782550854d.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	473d85310f054f043f3741782550854d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x00080000000120dc-10.dat	upx
behavioral1/memory/1636-15-0x00000000032C0000-0x00000000035D2000-memory.dmp	upx
behavioral1/files/0x00080000000120dc-16.dat	upx
behavioral1/memory/2772-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	473d85310f054f043f3741782550854d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1636	473d85310f054f043f3741782550854d.exe
2772	473d85310f054f043f3741782550854d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2772	1636	473d85310f054f043f3741782550854d.exe	29
PID 1636 wrote to memory of 2772	1636	473d85310f054f043f3741782550854d.exe	29
PID 1636 wrote to memory of 2772	1636	473d85310f054f043f3741782550854d.exe	29
PID 1636 wrote to memory of 2772	1636	473d85310f054f043f3741782550854d.exe	29

C:\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe
"C:\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe
  C:\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe

Filesize
178KB

MD5
8d093443e47efa8178c0b63b87caea8f

SHA1
da1948f351dbaf4dbaac08f00d04f18704e21893

SHA256
ea2184060a7bbc9b7f8c086c351d2630760a619ab7fec870b33e129660133ddf

SHA512
1eb64d421a90768265add683d1071ef7d0072294174e212691e08b62cfa119ff29c9cc695914408af6cf4ce1e1a98957fccd988fe06fb091609e7796721cdad1

Download Submit
\Users\Admin\AppData\Local\Temp\473d85310f054f043f3741782550854d.exe

Filesize
208KB

MD5
c33d44843d38d70bcebfc7e12aeba134

SHA1
a5dee4ae6f5d63c39fefbe8af6e103cc695101d4

SHA256
534d6077c02034f26b59834b031da9229c5fd8772ba3d8c8d7f0d72e24c162ff

SHA512
a5a1bcf733d44135d2781d6eedef38b694ddfdc42507485edcc9422ba5504bead9083fb118703ddccede867659e067acdb547447c6852d8d2dd5a139d06b673b

Download Submit
memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-15-0x00000000032C0000-0x00000000035D2000-memory.dmp

Filesize
3.1MB

Download
memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2772-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2772-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2772-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2772-24-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2772-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2772-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2772-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download