xmrig | 1eb3c756816a321440f53f22b306150f183799db729129711bfbd63ce761c10f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51a43a3bc8cfe74b63ea4bc5a9d09a54.exe
Size

784KB
MD5

51a43a3bc8cfe74b63ea4bc5a9d09a54
SHA1

a2a908e31e1b2aa6f4eac863a3fa13b866b730ad
SHA256

1eb3c756816a321440f53f22b306150f183799db729129711bfbd63ce761c10f
SHA512

98b4e8f8bd249e7d3b5f4f49564213db83fb00c9d3d72287eb2f628192a75185d43630d1c0b1dfb03ab3b397b9156a11180b051a4fd3cc288ea9985472946d83
SSDEEP

12288:UPX+yG3OFzs5MqaVpzzmiq13zB2q1BT2eH072zgg4EDQsB+sH4Tr1qfhHXFuxcFF:IX3FNqc6x1gqmQ0yzggrUzsHVX0an3

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3048-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3048-18-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2240-16-0x0000000003210000-0x0000000003522000-memory.dmp	xmrig
behavioral1/memory/2240-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3048-26-0x0000000003200000-0x0000000003393000-memory.dmp	xmrig
behavioral1/memory/3048-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3048-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3048	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Executes dropped EXE 1 IoCs

pid	Process
3048	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Loads dropped DLL 1 IoCs

pid	Process
2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b0000000126ab-10.dat	upx
behavioral1/files/0x000b0000000126ab-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe
3048	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 3048	2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe	29
PID 2240 wrote to memory of 3048	2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe	29
PID 2240 wrote to memory of 3048	2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe	29
PID 2240 wrote to memory of 3048	2240	51a43a3bc8cfe74b63ea4bc5a9d09a54.exe	29

C:\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe
"C:\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe
  C:\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Filesize
64KB

MD5
3c68a8a0090d1b0f8b7cd1c79613b64a

SHA1
fa2e4a50ce94bea4369a87b743a76af7a7d959f7

SHA256
c09671a1702a68130ef9c4a492d77710785332831e5562e8abbc82fa69a3844b

SHA512
599ccaa4b2f7511836d0fa48fd326aed2d74834ad52902b0981476e31979c0809c1a532045442b88f5dd1ec798983b19ffac76b3d2297f8f8671bc2a61e37d59

Download Submit
\Users\Admin\AppData\Local\Temp\51a43a3bc8cfe74b63ea4bc5a9d09a54.exe

Filesize
133KB

MD5
3edb70ec6f59aabc7c19b98f2b1a7f92

SHA1
c8c8d26a100f2d20b1eb75784a6a37c2e6d616b2

SHA256
2db3f1f7de7fbc9b82a8103b16b0ae701344ad8eaca7e72ef5334c5fb8f25410

SHA512
4176169c2aca9595ff31bf9533416a2915994bb129cfb0c2b2da03a57ac7abbae43f1684c314088ed24950cc7a9c6c0a89a1b94adc5a4212b4a0023670f206f1

Download Submit
memory/2240-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2240-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2240-16-0x0000000003210000-0x0000000003522000-memory.dmp

Filesize
3.1MB

Download
memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3048-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3048-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3048-20-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/3048-26-0x0000000003200000-0x0000000003393000-memory.dmp

Filesize
1.6MB

Download
memory/3048-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3048-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download