xmrig | 91c9b6bf7e8bcc57f39f43be135f4c1bab08735d67b493947a41e0607c64568b

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c36334f710b72238ac51c90149bc021.exe
Size

1.5MB
MD5

3c36334f710b72238ac51c90149bc021
SHA1

e4bdc1fef7b8314d913f460f994a538a767cc600
SHA256

91c9b6bf7e8bcc57f39f43be135f4c1bab08735d67b493947a41e0607c64568b
SHA512

06111fcbe2a789674884d16e4ebabce3fd3e50037df085fa0013ade6a85f2a38d174194962d6ccf2465530c606a009a887dad889c5636c8b5566311c034418aa
SSDEEP

24576:2Ux/MS82p8oi/AIEZRsyAqN/LrGT6iFjD7D6Oohf20vVAO/ja51FsJck:Nxeg4/SOyAK/LyfRfD6OevQoJ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2416-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2416-15-0x0000000003560000-0x0000000003872000-memory.dmp	xmrig
behavioral1/memory/2416-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2680-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2680-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2680-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2680-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2680	3c36334f710b72238ac51c90149bc021.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	3c36334f710b72238ac51c90149bc021.exe

Loads dropped DLL 1 IoCs

pid	Process
2416	3c36334f710b72238ac51c90149bc021.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012185-10.dat	upx
behavioral1/memory/2680-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2416	3c36334f710b72238ac51c90149bc021.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2416	3c36334f710b72238ac51c90149bc021.exe
2680	3c36334f710b72238ac51c90149bc021.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2680	2416	3c36334f710b72238ac51c90149bc021.exe	29
PID 2416 wrote to memory of 2680	2416	3c36334f710b72238ac51c90149bc021.exe	29
PID 2416 wrote to memory of 2680	2416	3c36334f710b72238ac51c90149bc021.exe	29
PID 2416 wrote to memory of 2680	2416	3c36334f710b72238ac51c90149bc021.exe	29

C:\Users\Admin\AppData\Local\Temp\3c36334f710b72238ac51c90149bc021.exe
"C:\Users\Admin\AppData\Local\Temp\3c36334f710b72238ac51c90149bc021.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\3c36334f710b72238ac51c90149bc021.exe
  C:\Users\Admin\AppData\Local\Temp\3c36334f710b72238ac51c90149bc021.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3c36334f710b72238ac51c90149bc021.exe

Filesize
784KB

MD5
3c2d3cfcc7f5343c76d9c361172b033f

SHA1
7297f7a3c47e68b39c76357ac0ba8554fa80e180

SHA256
11bf5b5b92fbaeefa43b6015aac3e4d825f1914250b2ce0ac35770c1135552b5

SHA512
4d47bc616abe286c30d9dc61a0207f7ece55c4a80866c52e20ca11feda04909a67a7564dcf02252f5fd47ba5d9575bf81f34176822b29af143808801d29bbf67

Download Submit
memory/2416-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2416-1-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2416-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2416-15-0x0000000003560000-0x0000000003872000-memory.dmp

Filesize
3.1MB

Download
memory/2416-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2680-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2680-18-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2680-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2680-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2680-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2680-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download