xmrig | c21a233967828a4472b56f833529599b20019f46b275a386fbd9c010781ec329

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 03:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a5db3f30df46ae7ad70d34fdf5be820.exe
Size

784KB
MD5

4a5db3f30df46ae7ad70d34fdf5be820
SHA1

871850089cfa833d956e4cab03edce46d3fc107c
SHA256

c21a233967828a4472b56f833529599b20019f46b275a386fbd9c010781ec329
SHA512

33dd56272b8231d6049620453f24d773c164264b911427986710f878d2bbf29500ef9d8fe894485ba7ab70ec77bba8ce0296e7813b689c90c0a67e1957c284be
SSDEEP

24576:v+68CdXEniFZb35O3V+pcnz8LGuC5CQWhFiRhEQ9Ba:v+6Nukl5O3EezGGv5CFh8RWQm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2144-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2716-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2144-16-0x0000000003220000-0x0000000003532000-memory.dmp	xmrig
behavioral1/memory/2716-18-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2716-27-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2716-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2144-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2716	4a5db3f30df46ae7ad70d34fdf5be820.exe

Executes dropped EXE 1 IoCs

pid	Process
2716	4a5db3f30df46ae7ad70d34fdf5be820.exe

Loads dropped DLL 1 IoCs

pid	Process
2144	4a5db3f30df46ae7ad70d34fdf5be820.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2144-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b00000001224e-10.dat	upx
behavioral1/files/0x000b00000001224e-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2144	4a5db3f30df46ae7ad70d34fdf5be820.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2144	4a5db3f30df46ae7ad70d34fdf5be820.exe
2716	4a5db3f30df46ae7ad70d34fdf5be820.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2716	2144	4a5db3f30df46ae7ad70d34fdf5be820.exe	15
PID 2144 wrote to memory of 2716	2144	4a5db3f30df46ae7ad70d34fdf5be820.exe	15
PID 2144 wrote to memory of 2716	2144	4a5db3f30df46ae7ad70d34fdf5be820.exe	15
PID 2144 wrote to memory of 2716	2144	4a5db3f30df46ae7ad70d34fdf5be820.exe	15

C:\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe
C:\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2716

C:\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe
"C:\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe

Filesize
381KB

MD5
3df7e3ba7a688ef04b4b43b5c5072677

SHA1
253fe382e29da066a5b1f08c6802a97fc23c5866

SHA256
e9e612ed775679156cdc01526d39711001c89d6ecd6abe3df4414a405886b006

SHA512
60d06731fc6438ba2e5fa59372bac16a080ab710960e0f04bd27b894ee2ac9b1cc9d7c8fb0a9cc2cb3e99e71e090ac1d47436e2eb4762365e6e9cc4cadeb0f5d

Download Submit
\Users\Admin\AppData\Local\Temp\4a5db3f30df46ae7ad70d34fdf5be820.exe

Filesize
92KB

MD5
1de3b33f548202a6f29ff076b9f4e8a1

SHA1
cbe0963a2d6020eae6c1fc2817c0d565aa7253db

SHA256
96851dd9bf484984dd07db1d1eecaa8e048146cc0cc1568d33ed673475ac7aca

SHA512
d5a04b9ab41cd0ceed1b45b998a45bf478f94566a05663496b5d5b255facd43cc6ca732770fd327312262257c5f3b7b1149b5a1d5b7b87ec9fbc13cf0f10f183

Download Submit
memory/2144-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2144-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2144-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2144-16-0x0000000003220000-0x0000000003532000-memory.dmp

Filesize
3.1MB

Download
memory/2144-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2716-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2716-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2716-21-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2716-27-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2716-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download