xmrig | 0217ff82ab6d55036e041c294968eae2f23dfbac4ab055fe83f0ca9e6c8f60c8

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c05af5a8e4330ab6ec3adab0fb63f0e.exe
Size

784KB
MD5

4c05af5a8e4330ab6ec3adab0fb63f0e
SHA1

a2bf44c6a4d8bc83f5340adccad82a2054aca9d5
SHA256

0217ff82ab6d55036e041c294968eae2f23dfbac4ab055fe83f0ca9e6c8f60c8
SHA512

70d3ce9b2f21c56d446307056b8c6f4c86b34ed391d6008ea5bea149eb1a9c646e4fb4644f977219be681589ffdc52fa1f653faa451579cfa7f0431ecd9c0311
SSDEEP

12288:1A6eP3K6P/GPqp4aM9AfFR1qJjTt2Vm67DBhsmjFd/0Lnn9oQYZV1O0:1Al3KUkqV1qJjTt2VmWY0B0T9oQE17

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2164-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2164-15-0x0000000003160000-0x0000000003472000-memory.dmp	xmrig
behavioral1/memory/2164-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2108-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2108-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2108-25-0x0000000003080000-0x0000000003213000-memory.dmp	xmrig
behavioral1/memory/2108-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2108-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2108	4c05af5a8e4330ab6ec3adab0fb63f0e.exe

Executes dropped EXE 1 IoCs

pid	Process
2108	4c05af5a8e4330ab6ec3adab0fb63f0e.exe

Loads dropped DLL 1 IoCs

pid	Process
2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000d00000001224a-10.dat	upx
behavioral1/memory/2108-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe
2108	4c05af5a8e4330ab6ec3adab0fb63f0e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2108	2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe	29
PID 2164 wrote to memory of 2108	2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe	29
PID 2164 wrote to memory of 2108	2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe	29
PID 2164 wrote to memory of 2108	2164	4c05af5a8e4330ab6ec3adab0fb63f0e.exe	29

C:\Users\Admin\AppData\Local\Temp\4c05af5a8e4330ab6ec3adab0fb63f0e.exe
"C:\Users\Admin\AppData\Local\Temp\4c05af5a8e4330ab6ec3adab0fb63f0e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\4c05af5a8e4330ab6ec3adab0fb63f0e.exe
  C:\Users\Admin\AppData\Local\Temp\4c05af5a8e4330ab6ec3adab0fb63f0e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\4c05af5a8e4330ab6ec3adab0fb63f0e.exe

Filesize
784KB

MD5
6910fac703cc2e61f42f7d1e8c46d3bc

SHA1
b6d3346ef3ad71b1349d4838765484573f40d039

SHA256
632a78330378fc65d0239b16830e9e5d7ec310d2622dcb4f269c30785a0a4f28

SHA512
ec1dc0645bf98979f814b8cf0f6500e7e9ee0ce98f285c9186e78da23d7f00722e36ef766ddd71d70635af1538c274de05195d0509c4b591df4df14be62b76b5

Download Submit
memory/2108-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2108-19-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2108-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2108-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2108-25-0x0000000003080000-0x0000000003213000-memory.dmp

Filesize
1.6MB

Download
memory/2108-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2108-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2164-3-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2164-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2164-15-0x0000000003160000-0x0000000003472000-memory.dmp

Filesize
3.1MB

Download
memory/2164-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2164-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download