xmrig | c4c56b6b3ed8e950978be0d28f4ae775195e7d59d23a7e4aead60eb7b9f4e123

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4aac0422c5518e1f8c3b52ba6b06ad6d.exe
Size

784KB
MD5

4aac0422c5518e1f8c3b52ba6b06ad6d
SHA1

a4a843c9b16468a44e572ecb98f415d96a49de29
SHA256

c4c56b6b3ed8e950978be0d28f4ae775195e7d59d23a7e4aead60eb7b9f4e123
SHA512

9a2bf9582c9c5e9101a5ae49d84034d1c4817ec9095b1d3b8087e5d2592b7f5b9f981ed1df1b0ea5d0bb3e8771948c3a8bc4794951ea701d5fef0a82e87221b8
SSDEEP

12288:1L01BF2OwUjr9hXL6BnaqIC2WhvX/yI7zou23Io0+Jvge7aeBuFgUceBs2eQdX0H:WNaUjJhXe9h0Whf/yI3x23tRYDrrkH

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2068-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2068-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2756-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2756-22-0x00000000053A0000-0x0000000005533000-memory.dmp	xmrig
behavioral2/memory/2756-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2756-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2756	4aac0422c5518e1f8c3b52ba6b06ad6d.exe

Executes dropped EXE 1 IoCs

pid	Process
2756	4aac0422c5518e1f8c3b52ba6b06ad6d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2068-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000b000000023166-11.dat	upx
behavioral2/memory/2756-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2068	4aac0422c5518e1f8c3b52ba6b06ad6d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2068	4aac0422c5518e1f8c3b52ba6b06ad6d.exe
2756	4aac0422c5518e1f8c3b52ba6b06ad6d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2756	2068	4aac0422c5518e1f8c3b52ba6b06ad6d.exe	25
PID 2068 wrote to memory of 2756	2068	4aac0422c5518e1f8c3b52ba6b06ad6d.exe	25
PID 2068 wrote to memory of 2756	2068	4aac0422c5518e1f8c3b52ba6b06ad6d.exe	25

C:\Users\Admin\AppData\Local\Temp\4aac0422c5518e1f8c3b52ba6b06ad6d.exe
"C:\Users\Admin\AppData\Local\Temp\4aac0422c5518e1f8c3b52ba6b06ad6d.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\4aac0422c5518e1f8c3b52ba6b06ad6d.exe
  C:\Users\Admin\AppData\Local\Temp\4aac0422c5518e1f8c3b52ba6b06ad6d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4aac0422c5518e1f8c3b52ba6b06ad6d.exe

Filesize
29KB

MD5
ab6d42039ed1425f28329fc1e945169a

SHA1
af55d83b4b89a710784cd47c00d1b91c1b9bcf1a

SHA256
d042e9a6d6ae050dc4989ea1bfb2957754158a6a4f3c93f20170223be12b1b93

SHA512
5d75e97d377a89cfbd40f357caeab44aa0b97eeaab047c2aeef523a73dd980aa9f4b3e933a875d50052973609092da3741b6e5f53291e9025cf64bcd4822ea13

Download Submit
memory/2068-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2068-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2068-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2068-1-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/2756-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2756-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2756-22-0x00000000053A0000-0x0000000005533000-memory.dmp

Filesize
1.6MB

Download
memory/2756-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2756-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2756-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download