xmrig | 06316a5c21d1986b4c1f191452ee69856c265587a979e9ae4ef4bfa058b98908

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4962afe40192cd9657ba5f74f341ff82.exe
Size

784KB
MD5

4962afe40192cd9657ba5f74f341ff82
SHA1

841283ec53472bf95b7201cb82d43ba793cf58fb
SHA256

06316a5c21d1986b4c1f191452ee69856c265587a979e9ae4ef4bfa058b98908
SHA512

586e2e762b53a662b3d9950d4b4afd3c71add38aa8dd19b7cb43fe608bc1502bf0fac95f3395efa2d7ec97ec1110fad7ebc7f7e6d293c84504815c9bc137d62c
SSDEEP

12288:+i4NzBc8RC7AkNtj2VtI746Kro+4yJ8+GOzOvxIxBlCKJj96W7JtwMm7QN5jP:BgzBzCTNE38lya+GOCvEWKF9Lbhm7kB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4536-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4536-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5072-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5072-21-0x00000000052F0000-0x0000000005483000-memory.dmp	xmrig
behavioral2/memory/5072-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/5072-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/5072-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
5072	4962afe40192cd9657ba5f74f341ff82.exe

Executes dropped EXE 1 IoCs

pid	Process
5072	4962afe40192cd9657ba5f74f341ff82.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4536-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/5072-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4536	4962afe40192cd9657ba5f74f341ff82.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4536	4962afe40192cd9657ba5f74f341ff82.exe
5072	4962afe40192cd9657ba5f74f341ff82.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 5072	4536	4962afe40192cd9657ba5f74f341ff82.exe	91
PID 4536 wrote to memory of 5072	4536	4962afe40192cd9657ba5f74f341ff82.exe	91
PID 4536 wrote to memory of 5072	4536	4962afe40192cd9657ba5f74f341ff82.exe	91

C:\Users\Admin\AppData\Local\Temp\4962afe40192cd9657ba5f74f341ff82.exe
"C:\Users\Admin\AppData\Local\Temp\4962afe40192cd9657ba5f74f341ff82.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Users\Admin\AppData\Local\Temp\4962afe40192cd9657ba5f74f341ff82.exe
  C:\Users\Admin\AppData\Local\Temp\4962afe40192cd9657ba5f74f341ff82.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4962afe40192cd9657ba5f74f341ff82.exe

Filesize
486KB

MD5
e3f33d348fc49004625d3f66ed14264d

SHA1
0a4b2f500b7d1f162e4473c390324e8d11e1f91f

SHA256
989056b056fec9387c97a709c7b2a09f993f8e3435b3f6c44a3a91336bda3a54

SHA512
446d45bd04a6fe01c46e3b1d6f6b0c6869a661de76caf73905c04bc86aeba14af957524bacaabbfba31ddb428ac581633b7b0c5f1b68f010891cacb88d92b2a6

Download Submit
memory/4536-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4536-1-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/4536-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4536-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5072-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/5072-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5072-16-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/5072-21-0x00000000052F0000-0x0000000005483000-memory.dmp

Filesize
1.6MB

Download
memory/5072-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5072-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5072-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download