Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 15:13
Behavioral task: behavioral1
Sample: 4bc47edd531cd8265c13c48a0484ef85.exe
Resource: win7-20231215-en
General
Target: 4bc47edd531cd8265c13c48a0484ef85.exe
Size: 784KB
MD5: 4bc47edd531cd8265c13c48a0484ef85
SHA1: 58a2e608858758906fbde0059766f863de01775a
SHA256: 615819dccdbb66a98bb9c5136d9356fd3fbb8c71ae33916dc3843cebac77ca98
SHA512: 5046fc9bbcbd408fb3dfc5aa41ba1c05b4331f6c4e4de2369bc773239360c13c2717d74e87de1fb5436ec6d735a921c98599703d7beadf8aceef57fc9f6bf73e
SSDEEP: 24576:9nqqz0P95d/42H0bQlosaZmWxDp4QUIZHErx:dm42H0bQymW1p4mZ
Malware Config
Signatures
XMRig Miner payload (8 IoCs)
  resource                                                                    yara_rule
  behavioral1/memory/1104-1-0x0000000000400000-0x0000000000593000-memory.dmp   xmrig
  behavioral1/memory/1104-15-0x0000000003170000-0x0000000003482000-memory.dmp  xmrig
  behavioral1/memory/2420-24-0x0000000003220000-0x00000000033B3000-memory.dmp  xmrig
  behavioral1/memory/2420-25-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig
  behavioral1/memory/2420-18-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig
  behavioral1/memory/2420-34-0x0000000000400000-0x0000000000587000-memory.dmp  xmrig
  behavioral1/memory/1104-14-0x0000000000400000-0x0000000000593000-memory.dmp  xmrig
  behavioral1/memory/1104-35-0x0000000003170000-0x0000000003482000-memory.dmp  xmrig

Deletes itself (1 IoCs)
  pid   Process
  2420  4bc47edd531cd8265c13c48a0484ef85.exe

Executes dropped EXE (1 IoCs)
  pid   Process
  2420  4bc47edd531cd8265c13c48a0484ef85.exe

Loads dropped DLL (1 IoCs)
  pid   Process
  1104  4bc47edd531cd8265c13c48a0484ef85.exe

  resource                                                                    yara_rule
  behavioral1/memory/1104-0-0x0000000000400000-0x0000000000712000-memory.dmp   upx
  behavioral1/files/0x0007000000012270-10.dat                                  upx
  behavioral1/memory/2420-17-0x0000000000400000-0x0000000000712000-memory.dmp  upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1104  4bc47edd531cd8265c13c48a0484ef85.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1104  4bc47edd531cd8265c13c48a0484ef85.exe
  2420  4bc47edd531cd8265c13c48a0484ef85.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 1104 wrote to memory of 2420   1104  4bc47edd531cd8265c13c48a0484ef85.exe  21
  PID 1104 wrote to memory of 2420   1104  4bc47edd531cd8265c13c48a0484ef85.exe  21
  PID 1104 wrote to memory of 2420   1104  4bc47edd531cd8265c13c48a0484ef85.exe  21
  PID 1104 wrote to memory of 2420   1104  4bc47edd531cd8265c13c48a0484ef85.exe  21
Processes
1. C:\Users\Admin\AppData\Local\Temp\4bc47edd531cd8265c13c48a0484ef85.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4bc47edd531cd8265c13c48a0484ef85.exe"
   PID: 1104
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\4bc47edd531cd8265c13c48a0484ef85.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\4bc47edd531cd8265c13c48a0484ef85.exe
      PID: 2420
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 221KB
MD5: 03b757b2066d72261056a18f6b3e4efc
SHA1: 061cd493a76cabe49b9ba965b4100c9a633566a2
SHA256: 58a8debd8518853a3090bdbc2a83b57b6d4428fc10717b3938631c7c564599b2
SHA512: 11387ebccea781febfc832561a713ca7ee5774605776c3491276a496e7eade2eb8555241843d7a552400c843f224fcf60c3b02c0ab7a0db876f1b5e0d7c01a5c