xmrig | ba4569f3bccd7ccf61b913aaa5569892f9bd8e98a349a8b8603393ea841da8dc

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5458035a39008a9151111797fb98eabd.exe
Size

784KB
MD5

5458035a39008a9151111797fb98eabd
SHA1

3b71f4047b376c0d7448a36e2f83ee78d5aacf6b
SHA256

ba4569f3bccd7ccf61b913aaa5569892f9bd8e98a349a8b8603393ea841da8dc
SHA512

1810a6274472c15d3f1a4d9bd230a972fd052a7c47a5ad5331526c85f044a00726d1a11e4b85f4318cbf8f4426f361580e49bb4738b5a0275230eb19c6575c82
SSDEEP

12288:n1AloMXbMjso8ur6qIdX6e0l7Em2/yhgks5SmzDQjymHHAiF:nqeMwQqIdX6e0lGv2mz0jymn9F

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2932-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3068-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3068-25-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/3068-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3068-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2932-15-0x0000000003200000-0x0000000003512000-memory.dmp	xmrig
behavioral1/memory/2932-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3068	5458035a39008a9151111797fb98eabd.exe

Executes dropped EXE 1 IoCs

pid	Process
3068	5458035a39008a9151111797fb98eabd.exe

Loads dropped DLL 1 IoCs

pid	Process
2932	5458035a39008a9151111797fb98eabd.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000015c46-10.dat	upx
behavioral1/memory/3068-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000015c46-16.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2932	5458035a39008a9151111797fb98eabd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2932	5458035a39008a9151111797fb98eabd.exe
3068	5458035a39008a9151111797fb98eabd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3068	2932	5458035a39008a9151111797fb98eabd.exe	29
PID 2932 wrote to memory of 3068	2932	5458035a39008a9151111797fb98eabd.exe	29
PID 2932 wrote to memory of 3068	2932	5458035a39008a9151111797fb98eabd.exe	29
PID 2932 wrote to memory of 3068	2932	5458035a39008a9151111797fb98eabd.exe	29

C:\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe
"C:\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe
  C:\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe

Filesize
92KB

MD5
5ce80b019645b00ae3a328fa5c21ecff

SHA1
cc1e05d8249486fe9bcdff3bfde4046efc449b7e

SHA256
82621fa3150fe8d4dedf34d4c4ddbe6bd32e790ec8087c8ebea5b18fd27c4c9f

SHA512
b053851d9f13416e7945a1ca950b223a3991333598887590978d62109f44d35c8ed400213527e15fc3733f03df6dd1bc97c19b3881ae2411262fa1c07437268e

Download Submit
\Users\Admin\AppData\Local\Temp\5458035a39008a9151111797fb98eabd.exe

Filesize
784KB

MD5
43d1be18478b9ca4c3e97edb959ce5c8

SHA1
3f10fcc694fb8c7113fa2e171cfb1e4708f700df

SHA256
b53d82d48ab61789ad0fa384bdbf51391eb441ee9e5fb6796495df963f7e7b9b

SHA512
7072828c5d19bf22f9fa4c6553ccbebe4dad84dfdbcb5cd8d587ec097bb9bba575ab98a4c8e65ef3c34aa0b0cacacdd46ae3a4a1c6ed5118cb5b2a98090d38ae

Download Submit
memory/2932-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2932-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2932-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2932-15-0x0000000003200000-0x0000000003512000-memory.dmp

Filesize
3.1MB

Download
memory/2932-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3068-25-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/3068-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3068-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3068-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3068-19-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/3068-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download