xmrig | cfc2731b25f05066ce9e860b19c82f62f8e09e82dc312e7e08d77a2184c03665

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 05:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d7210f3e265f53dc5384dbeca5676bf.exe
Size

784KB
MD5

4d7210f3e265f53dc5384dbeca5676bf
SHA1

0dc85fd3dbf974245e0892ace4a488d6e949d003
SHA256

cfc2731b25f05066ce9e860b19c82f62f8e09e82dc312e7e08d77a2184c03665
SHA512

e53034ff89b0e802a12439e8268c2a7284e412525f96327ed692d8f111114d1307f767f37cee7dfd0a5407b06bb5c298528ff490d98abba3914dfb9e591fab88
SSDEEP

24576:QjU7G4Jsu4EnT8Fa18ivc+ZrbUverkiYOTJwvoQhG3OHN:esyu481dv5E2rlYgJwvO3oN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1068-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1068-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/1068-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1068-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2004-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2004-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1068	4d7210f3e265f53dc5384dbeca5676bf.exe

Executes dropped EXE 1 IoCs

pid	Process
1068	4d7210f3e265f53dc5384dbeca5676bf.exe

Loads dropped DLL 1 IoCs

pid	Process
2004	4d7210f3e265f53dc5384dbeca5676bf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1068-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012238-16.dat	upx
behavioral1/memory/2004-15-0x00000000031B0000-0x00000000034C2000-memory.dmp	upx
behavioral1/memory/2004-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2004	4d7210f3e265f53dc5384dbeca5676bf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2004	4d7210f3e265f53dc5384dbeca5676bf.exe
1068	4d7210f3e265f53dc5384dbeca5676bf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1068	2004	4d7210f3e265f53dc5384dbeca5676bf.exe	1
PID 2004 wrote to memory of 1068	2004	4d7210f3e265f53dc5384dbeca5676bf.exe	1
PID 2004 wrote to memory of 1068	2004	4d7210f3e265f53dc5384dbeca5676bf.exe	1
PID 2004 wrote to memory of 1068	2004	4d7210f3e265f53dc5384dbeca5676bf.exe	1

C:\Users\Admin\AppData\Local\Temp\4d7210f3e265f53dc5384dbeca5676bf.exe
C:\Users\Admin\AppData\Local\Temp\4d7210f3e265f53dc5384dbeca5676bf.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1068

C:\Users\Admin\AppData\Local\Temp\4d7210f3e265f53dc5384dbeca5676bf.exe
"C:\Users\Admin\AppData\Local\Temp\4d7210f3e265f53dc5384dbeca5676bf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4d7210f3e265f53dc5384dbeca5676bf.exe

Filesize
784KB

MD5
f7f714cd9cdf9e5645d8bac5710be7ab

SHA1
5015fb9a18426aceb4d6126ed1a37bb1a88e874b

SHA256
09a595df5fb5dc7537a4270cd878b00b1edf4b1224ac30ef7fda24bfb6412f7f

SHA512
bdff9010d29e87971d96cc0b3cc34000bbc06f159008ada701a2276f7ac1a0fbf7d00c9b857fa16ec4dc0f76395292c5e64073fb2f959b7e7fbc837eac13e92f

Download Submit
memory/1068-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1068-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/1068-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1068-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1068-18-0x00000000002C0000-0x0000000000384000-memory.dmp

Filesize
784KB

Download
memory/1068-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2004-15-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/2004-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2004-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2004-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2004-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download