xmrig | 5db2dbdcd02c2dfb7e88eaac3ed576462f3be79121aee895fc107f307c1b9dfc

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a3b20139c1c8ee89f8277fa2b7776ee.exe
Size

784KB
MD5

5a3b20139c1c8ee89f8277fa2b7776ee
SHA1

e5b1ccd32632883c5d96832dceba774b8d056f5e
SHA256

5db2dbdcd02c2dfb7e88eaac3ed576462f3be79121aee895fc107f307c1b9dfc
SHA512

da2b583f1b9c0d2122055423c6ddaea184e7a1f3869fba1b2c8635935bd3a1825c4bd4b87d3ed4567d8b5c0379fff04b33f571f5d3f074907c530562739f8c32
SSDEEP

24576:Qhv0v+NxfOKjjwyW+Vj5grXzu+UtE9snusjawr:K0WOd+Vj5grXzuV69susjaw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2272-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2272-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2272-27-0x00000000031E0000-0x0000000003373000-memory.dmp	xmrig
behavioral1/memory/2272-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2240-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2272	5a3b20139c1c8ee89f8277fa2b7776ee.exe

Executes dropped EXE 1 IoCs

pid	Process
2272	5a3b20139c1c8ee89f8277fa2b7776ee.exe

Loads dropped DLL 1 IoCs

pid	Process
2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c00000001220d-10.dat	upx
behavioral1/files/0x000c00000001220d-16.dat	upx
behavioral1/memory/2272-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2240-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe
2272	5a3b20139c1c8ee89f8277fa2b7776ee.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2272	2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe	29
PID 2240 wrote to memory of 2272	2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe	29
PID 2240 wrote to memory of 2272	2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe	29
PID 2240 wrote to memory of 2272	2240	5a3b20139c1c8ee89f8277fa2b7776ee.exe	29

C:\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe
"C:\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe
  C:\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe

Filesize
352KB

MD5
330adf5458582e9c8291ac857ede5236

SHA1
2f2828ed3bd97f6fb7e0c8d971aa847f8f9e4c55

SHA256
e152b069e54611d5277bac53ea240ec218ddaa8843d23d276ea8f135f9628add

SHA512
20cc9cb6ae24815655f5c1e41beee3c2be009b376c106b2481736b63019d85c3bfa443455d364617133930f249d2556111c9dcf00c9c15d0e2c8136e888242a3

Download Submit
\Users\Admin\AppData\Local\Temp\5a3b20139c1c8ee89f8277fa2b7776ee.exe

Filesize
193KB

MD5
13e11b6023907795a2b3f27ee7abe851

SHA1
098fd6e8d84d4a83d0b7c673df9121c50d218daa

SHA256
3f2aeeb2aee97c82ae024335dc7e01bcc7f70fbb392a4cc324717b63dce5c0f5

SHA512
bc47ba4b076328556c9c0fd5f18da84d51e35f00c1f09797031b32153485dc091bb1c4ba91485aa56904b419f776625f0d3c31f42376e26af6c4d308fb608fa1

Download Submit
memory/2240-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2240-3-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/2240-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2272-20-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2272-27-0x00000000031E0000-0x0000000003373000-memory.dmp

Filesize
1.6MB

Download
memory/2272-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2272-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2272-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2272-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download