xmrig | ae8f5ea140ab23cc49c178b572ace22efdc94725b506004340d1b5e503e43a40

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

376ee934cb113e4c4428e3a0e804ff7f.exe
Size

784KB
MD5

376ee934cb113e4c4428e3a0e804ff7f
SHA1

deec05f0e8c14d6459d59e17d599b9819354f73b
SHA256

ae8f5ea140ab23cc49c178b572ace22efdc94725b506004340d1b5e503e43a40
SHA512

a05c15dd87c9b5012f8bfe4691485d88e776e4373b8b1e3ec8c259a66791b7203b0bebefa1e32d2f844e2ba96c47491091b39b432cc898dce80c9b0d767cda37
SSDEEP

24576:wR9uqULUIazOkBdR0nm5hHOQ2OoS2pG4e3VbYNKT:37LUIaPRcGhuQ334aON

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4616-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4616-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1860-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1860-20-0x0000000005460000-0x00000000055F3000-memory.dmp	xmrig
behavioral2/memory/1860-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1860-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1860	376ee934cb113e4c4428e3a0e804ff7f.exe

Executes dropped EXE 1 IoCs

pid	Process
1860	376ee934cb113e4c4428e3a0e804ff7f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4616-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/1860-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023214-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4616	376ee934cb113e4c4428e3a0e804ff7f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4616	376ee934cb113e4c4428e3a0e804ff7f.exe
1860	376ee934cb113e4c4428e3a0e804ff7f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 1860	4616	376ee934cb113e4c4428e3a0e804ff7f.exe	92
PID 4616 wrote to memory of 1860	4616	376ee934cb113e4c4428e3a0e804ff7f.exe	92
PID 4616 wrote to memory of 1860	4616	376ee934cb113e4c4428e3a0e804ff7f.exe	92

C:\Users\Admin\AppData\Local\Temp\376ee934cb113e4c4428e3a0e804ff7f.exe
"C:\Users\Admin\AppData\Local\Temp\376ee934cb113e4c4428e3a0e804ff7f.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Users\Admin\AppData\Local\Temp\376ee934cb113e4c4428e3a0e804ff7f.exe
  C:\Users\Admin\AppData\Local\Temp\376ee934cb113e4c4428e3a0e804ff7f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\376ee934cb113e4c4428e3a0e804ff7f.exe

Filesize
441KB

MD5
2eca21b0f392f0e15c6b8abd679f5187

SHA1
0b525ebc1233dbedf9c522f6375605c28cd3d5a5

SHA256
5e7612e164bcb6c27127323af99a571d78c8a7f312d6ed2b5b35834aec197ea5

SHA512
7c3c257f7b98288f0121cc1c71a15d17ae20e7adfb160f459cca81a67b7b0660f3524fdd5a9b4316614dbf0919c068dc3849e7e7c3ebe3075b99fe295e918323

Download Submit
memory/1860-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1860-14-0x00000000018D0000-0x0000000001994000-memory.dmp

Filesize
784KB

Download
memory/1860-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1860-20-0x0000000005460000-0x00000000055F3000-memory.dmp

Filesize
1.6MB

Download
memory/1860-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1860-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4616-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4616-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4616-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4616-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download