xmrig | b0f552e0a5dec2e6c78d68722cca83572143730fddcbc3cbd79606441076d4f2

Analysis

max time kernel
144s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4edcafd90730ed953fbe2ee072a60e12.exe
Size

784KB
MD5

4edcafd90730ed953fbe2ee072a60e12
SHA1

9da5c8e62cf1e9ac47a775a0037cec3e0e6a3e96
SHA256

b0f552e0a5dec2e6c78d68722cca83572143730fddcbc3cbd79606441076d4f2
SHA512

2c26e8c2dc34a4c72af71d09819d02b5a19fce7a4312593278faecfb06b4de3eb2a21b30972074c7957c6ba3b30b92d0c75c0c44d79b225a893c02c4dd6e3f85
SSDEEP

12288:m26yxIDBq9bVwZe1iTegx7DyFe6EsfiXB5yuSeUPTU0C58mOdkdk6Lw+j5lhYtk:sDBq9qLTegNk5U/R+QD5BPdA+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4984-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4984-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1228-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1228-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1228-21-0x00000000053E0000-0x0000000005573000-memory.dmp	xmrig
behavioral2/memory/1228-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1228	4edcafd90730ed953fbe2ee072a60e12.exe

Executes dropped EXE 1 IoCs

pid	Process
1228	4edcafd90730ed953fbe2ee072a60e12.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4984-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00070000000231e4-11.dat	upx
behavioral2/memory/1228-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4984	4edcafd90730ed953fbe2ee072a60e12.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4984	4edcafd90730ed953fbe2ee072a60e12.exe
1228	4edcafd90730ed953fbe2ee072a60e12.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 1228	4984	4edcafd90730ed953fbe2ee072a60e12.exe	28
PID 4984 wrote to memory of 1228	4984	4edcafd90730ed953fbe2ee072a60e12.exe	28
PID 4984 wrote to memory of 1228	4984	4edcafd90730ed953fbe2ee072a60e12.exe	28

C:\Users\Admin\AppData\Local\Temp\4edcafd90730ed953fbe2ee072a60e12.exe
"C:\Users\Admin\AppData\Local\Temp\4edcafd90730ed953fbe2ee072a60e12.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Users\Admin\AppData\Local\Temp\4edcafd90730ed953fbe2ee072a60e12.exe
  C:\Users\Admin\AppData\Local\Temp\4edcafd90730ed953fbe2ee072a60e12.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4edcafd90730ed953fbe2ee072a60e12.exe

Filesize
70KB

MD5
0769f445f11fe343a78745709616bfcc

SHA1
d1c898b57be56aa7778c1d3636670326f5ffe9d8

SHA256
cc31ca95f039877bbba318f8741770b3606fd6bcf480113ceb2d19131521cb8b

SHA512
32e5bc6de0ffe60608a4000f8bd4c3beb6acca031cce66e20bea8e773647648d2506d76ae0f2e0f4029e068a663185036e08c0f79444a92d80642ae9ce3a9aa2

Download Submit
memory/1228-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1228-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1228-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1228-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1228-21-0x00000000053E0000-0x0000000005573000-memory.dmp

Filesize
1.6MB

Download
memory/1228-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4984-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4984-1-0x0000000001B10000-0x0000000001BD4000-memory.dmp

Filesize
784KB

Download
memory/4984-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4984-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download