xmrig | 9803f180fe02d70e1600b4b908a3306ac309a99d7328b0364f726a1495c38abe

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47a20d3cbe28af5a262b9ed4b989d8b6.exe
Size

2.3MB
MD5

47a20d3cbe28af5a262b9ed4b989d8b6
SHA1

b0bb644d63a4480733fbf561966a80bfc2226280
SHA256

9803f180fe02d70e1600b4b908a3306ac309a99d7328b0364f726a1495c38abe
SHA512

f6d7d898ca0bcf77adc5fea61218c12030efcb0974a8ced784b868c68d11f396deead61d0125095a61890586de6833199d3c446fa00703cb462e09a1062a8d1d
SSDEEP

49152:a1lbwf+DGwvmt2eogSyegGOyif6ATBlM:AlbwwGwvJyzoiSml

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/2248-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1804-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1804-19-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/1804-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1804-26-0x00000000030A0000-0x0000000003233000-memory.dmp	xmrig
behavioral1/memory/2248-16-0x0000000003530000-0x0000000003842000-memory.dmp	xmrig
behavioral1/memory/2248-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1804-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1804-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1804	47a20d3cbe28af5a262b9ed4b989d8b6.exe

Executes dropped EXE 1 IoCs

pid	Process
1804	47a20d3cbe28af5a262b9ed4b989d8b6.exe

Loads dropped DLL 1 IoCs

pid	Process
2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000d000000012251-10.dat	upx
behavioral1/files/0x000d000000012251-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe
1804	47a20d3cbe28af5a262b9ed4b989d8b6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1804	2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe	29
PID 2248 wrote to memory of 1804	2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe	29
PID 2248 wrote to memory of 1804	2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe	29
PID 2248 wrote to memory of 1804	2248	47a20d3cbe28af5a262b9ed4b989d8b6.exe	29

C:\Users\Admin\AppData\Local\Temp\47a20d3cbe28af5a262b9ed4b989d8b6.exe
"C:\Users\Admin\AppData\Local\Temp\47a20d3cbe28af5a262b9ed4b989d8b6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\47a20d3cbe28af5a262b9ed4b989d8b6.exe
  C:\Users\Admin\AppData\Local\Temp\47a20d3cbe28af5a262b9ed4b989d8b6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\47a20d3cbe28af5a262b9ed4b989d8b6.exe

Filesize
784KB

MD5
adcb0d3efe6dbc45f45107b386011246

SHA1
28ea9e036130d0c12a6f7235b1e4089ea34e1788

SHA256
640e6637629ca0a444347fb9f8b00916009892c868b734b65101255d0017757a

SHA512
b7c3ab49d18525f41d9877afb466f74c88eb5674ec1ec74993594a85567c1d876e7b6025c79a2726fdd943bdd8e8dbd58303493ca2f67f6edd652a8681387bc8

Download Submit
memory/1804-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1804-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1804-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1804-19-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1804-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1804-26-0x00000000030A0000-0x0000000003233000-memory.dmp

Filesize
1.6MB

Download
memory/1804-21-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2248-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2248-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2248-16-0x0000000003530000-0x0000000003842000-memory.dmp

Filesize
3.1MB

Download
memory/2248-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2248-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download