xmrig | 59ee8fb0d58f98286acaff8085e8f8fcef5883e31b5ca378f7e7f8ed6d8affe2

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53f947e56cf1f1132ecb61862d80b1a2.exe
Size

784KB
MD5

53f947e56cf1f1132ecb61862d80b1a2
SHA1

351dd4863f08743a67d122ae795546c854a979a0
SHA256

59ee8fb0d58f98286acaff8085e8f8fcef5883e31b5ca378f7e7f8ed6d8affe2
SHA512

f46e2ae91d25a34c1af2bc25e24cdd6ca1ff94e33e9a91644702a6ea47a64d9fcd3f3d32c309a07e764c921338bb57fbdf9e44d4f0bb6b7637c2deba74d7a2e0
SSDEEP

12288:qByYEfxlwns6+BBv8EIHpQ1tBEDb3NezYZ5CirHzLcGShQ+p44DtBmkl:qBUfwnsXvQpQaDb30zYZ5CirTxShntB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2424-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2424-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2424-15-0x00000000031F0000-0x0000000003502000-memory.dmp	xmrig
behavioral1/memory/844-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/844-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/844-26-0x0000000003260000-0x00000000033F3000-memory.dmp	xmrig
behavioral1/memory/844-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
844	53f947e56cf1f1132ecb61862d80b1a2.exe

Executes dropped EXE 1 IoCs

pid	Process
844	53f947e56cf1f1132ecb61862d80b1a2.exe

Loads dropped DLL 1 IoCs

pid	Process
2424	53f947e56cf1f1132ecb61862d80b1a2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2424-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012238-10.dat	upx
behavioral1/memory/2424-15-0x00000000031F0000-0x0000000003502000-memory.dmp	upx
behavioral1/memory/844-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2424	53f947e56cf1f1132ecb61862d80b1a2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2424	53f947e56cf1f1132ecb61862d80b1a2.exe
844	53f947e56cf1f1132ecb61862d80b1a2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 844	2424	53f947e56cf1f1132ecb61862d80b1a2.exe	29
PID 2424 wrote to memory of 844	2424	53f947e56cf1f1132ecb61862d80b1a2.exe	29
PID 2424 wrote to memory of 844	2424	53f947e56cf1f1132ecb61862d80b1a2.exe	29
PID 2424 wrote to memory of 844	2424	53f947e56cf1f1132ecb61862d80b1a2.exe	29

C:\Users\Admin\AppData\Local\Temp\53f947e56cf1f1132ecb61862d80b1a2.exe
"C:\Users\Admin\AppData\Local\Temp\53f947e56cf1f1132ecb61862d80b1a2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\53f947e56cf1f1132ecb61862d80b1a2.exe
  C:\Users\Admin\AppData\Local\Temp\53f947e56cf1f1132ecb61862d80b1a2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\53f947e56cf1f1132ecb61862d80b1a2.exe

Filesize
784KB

MD5
f64c363f57ef07c542eb0b102d11861b

SHA1
e4d3c5a14c852100050a8a3a3fdeeedb5a6cc2d3

SHA256
7cf6d38711845b57be1afa4349406fb99c4ea6a5c192e2680060107c9b962268

SHA512
da0ffaf4c198876d044dfbb2d6dc6498c9dbac05ce2d75a158b00e96007ce8902b7e8a5fdb7359e5493caa55033dbeead6c7048436993856cf59d51cd4ddf3f6

Download Submit
memory/844-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/844-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/844-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/844-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/844-26-0x0000000003260000-0x00000000033F3000-memory.dmp

Filesize
1.6MB

Download
memory/844-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2424-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2424-2-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2424-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2424-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2424-15-0x00000000031F0000-0x0000000003502000-memory.dmp

Filesize
3.1MB

Download