xmrig | 35ca8170b55b9645c04140eb0f84db5b1ed41073ef673a66f7708acda7a8d69e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54baacb426d2508c8e4af84bf2fd3ef7.exe
Size

784KB
MD5

54baacb426d2508c8e4af84bf2fd3ef7
SHA1

a98b0fc19e0fafe3a3848fefed101b0b7ce3d75f
SHA256

35ca8170b55b9645c04140eb0f84db5b1ed41073ef673a66f7708acda7a8d69e
SHA512

df86d1172a1d8663a6d52f010b24a614a6fc323d806bf13896331146c9ad8c8b0fd23610ee05078db439a52058b7afe440c7d8b2c45826ab398f12321dbfb1f3
SSDEEP

12288:Q0DgV0dW3WltKJHKhv/nZscyi6qwLI9fZ2IB4dmgGFFWfEZI7D3:Q0Wcoe6HO+cyi6ocU4d9iFsEZIv

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/1964-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1964-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1964-14-0x00000000030D0000-0x00000000033E2000-memory.dmp	xmrig
behavioral1/memory/1464-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1464-24-0x0000000002FD0000-0x0000000003163000-memory.dmp	xmrig
behavioral1/memory/1464-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1464-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1464-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1464	54baacb426d2508c8e4af84bf2fd3ef7.exe

Executes dropped EXE 1 IoCs

pid	Process
1464	54baacb426d2508c8e4af84bf2fd3ef7.exe

Loads dropped DLL 1 IoCs

pid	Process
1964	54baacb426d2508c8e4af84bf2fd3ef7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1964-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-10.dat	upx
behavioral1/memory/1964-14-0x00000000030D0000-0x00000000033E2000-memory.dmp	upx
behavioral1/memory/1464-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1964	54baacb426d2508c8e4af84bf2fd3ef7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1964	54baacb426d2508c8e4af84bf2fd3ef7.exe
1464	54baacb426d2508c8e4af84bf2fd3ef7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1464	1964	54baacb426d2508c8e4af84bf2fd3ef7.exe	29
PID 1964 wrote to memory of 1464	1964	54baacb426d2508c8e4af84bf2fd3ef7.exe	29
PID 1964 wrote to memory of 1464	1964	54baacb426d2508c8e4af84bf2fd3ef7.exe	29
PID 1964 wrote to memory of 1464	1964	54baacb426d2508c8e4af84bf2fd3ef7.exe	29

C:\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe
"C:\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe
  C:\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe

Filesize
784KB

MD5
b2c97500a2cc34cca2898e0b6482e22c

SHA1
cbf879f4c3007d2d378b6a4e49b56f79a00065a6

SHA256
8f658dc663e0f150b977faaba8631f2350ca51f256c0b5047b4a26b95a15353b

SHA512
f5e4f28f6e1275092c03a4e6eee79e644bad02b9296a77dd888133b567f69999ad9662453d2a710fcf54515bb1f7ea611cdbdfffca686faf7b43293d1164f98b

Download Submit
memory/1464-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1464-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1464-18-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/1464-24-0x0000000002FD0000-0x0000000003163000-memory.dmp

Filesize
1.6MB

Download
memory/1464-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1464-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1464-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1964-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1964-1-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1964-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1964-14-0x00000000030D0000-0x00000000033E2000-memory.dmp

Filesize
3.1MB

Download
memory/1964-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download