xmrig | 35ca8170b55b9645c04140eb0f84db5b1ed41073ef673a66f7708acda7a8d69e

Analysis

max time kernel
134s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 22:17

Target

54baacb426d2508c8e4af84bf2fd3ef7.exe
Size

784KB
MD5

54baacb426d2508c8e4af84bf2fd3ef7
SHA1

a98b0fc19e0fafe3a3848fefed101b0b7ce3d75f
SHA256

35ca8170b55b9645c04140eb0f84db5b1ed41073ef673a66f7708acda7a8d69e
SHA512

df86d1172a1d8663a6d52f010b24a614a6fc323d806bf13896331146c9ad8c8b0fd23610ee05078db439a52058b7afe440c7d8b2c45826ab398f12321dbfb1f3
SSDEEP

12288:Q0DgV0dW3WltKJHKhv/nZscyi6qwLI9fZ2IB4dmgGFFWfEZI7D3:Q0Wcoe6HO+cyi6ocU4d9iFsEZIv

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4620-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4620-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4160-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4160-20-0x00000000052F0000-0x0000000005483000-memory.dmp	xmrig
behavioral2/memory/4160-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4160-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4160-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4160	54baacb426d2508c8e4af84bf2fd3ef7.exe

Executes dropped EXE 1 IoCs

pid	Process
4160	54baacb426d2508c8e4af84bf2fd3ef7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4620-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002313a-11.dat	upx
behavioral2/memory/4160-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4620	54baacb426d2508c8e4af84bf2fd3ef7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4620	54baacb426d2508c8e4af84bf2fd3ef7.exe
4160	54baacb426d2508c8e4af84bf2fd3ef7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4160	4620	54baacb426d2508c8e4af84bf2fd3ef7.exe	93
PID 4620 wrote to memory of 4160	4620	54baacb426d2508c8e4af84bf2fd3ef7.exe	93
PID 4620 wrote to memory of 4160	4620	54baacb426d2508c8e4af84bf2fd3ef7.exe	93

C:\Users\Admin\AppData\Local\Temp\54baacb426d2508c8e4af84bf2fd3ef7.exe

Filesize
784KB

MD5
f470bdfce8b9cbb560fcf02cc67d4f2b

SHA1
914fb3e239826848cfd741170496d618d2f79486

SHA256
79e219a5ba55801e8421c7caec4ec438199ccbd61d4dcfadf53cc15a5871ea46

SHA512
c9fd1ba523432e6f1f84145b57b16890fc549b6cdd5ab45d2d895b8ac160e74a3ff43bbcfda0e36abb4e30e5a6df94a456bf8ba14d45f8358254be17fc5467a6

Download Submit
memory/4160-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4160-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4160-15-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/4160-20-0x00000000052F0000-0x0000000005483000-memory.dmp

Filesize
1.6MB

Download
memory/4160-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4160-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4160-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4620-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4620-1-0x00000000019F0000-0x0000000001AB4000-memory.dmp

Filesize
784KB

Download
memory/4620-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4620-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download