xmrig | fe67517112f73c3021bac71bf21f59bfe3bfce85bed733bac75ccb4121494376

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6533e0398d6c4234c10b0a1c421bcdc1.exe
Size

784KB
MD5

6533e0398d6c4234c10b0a1c421bcdc1
SHA1

66733bb203f8b111d51ad24f6780cd166bcc62a4
SHA256

fe67517112f73c3021bac71bf21f59bfe3bfce85bed733bac75ccb4121494376
SHA512

b5838c41f654ce5408f9d042a85159ff7b8169d2810050f044f8f1cb6f2be4f279b8d6151eb30e22455d5ed02b3f82322910cd4508ff6ae0f1cf23d8fc087246
SSDEEP

12288:ck6mpEuerMeER5Q1bhlAGHz7PKR7+GqW8p9ZRrjY1BaJE7FMFXLmcOfp7NXAYylq:EyKQtR5qrz7PpBnA5R4A7NwYyl6H

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4952-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4952-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3416-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3416-20-0x00000000053A0000-0x0000000005533000-memory.dmp	xmrig
behavioral2/memory/3416-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3416-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3416	6533e0398d6c4234c10b0a1c421bcdc1.exe

Executes dropped EXE 1 IoCs

pid	Process
3416	6533e0398d6c4234c10b0a1c421bcdc1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4952-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000b000000022ff9-11.dat	upx
behavioral2/memory/3416-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4952	6533e0398d6c4234c10b0a1c421bcdc1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4952	6533e0398d6c4234c10b0a1c421bcdc1.exe
3416	6533e0398d6c4234c10b0a1c421bcdc1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 3416	4952	6533e0398d6c4234c10b0a1c421bcdc1.exe	89
PID 4952 wrote to memory of 3416	4952	6533e0398d6c4234c10b0a1c421bcdc1.exe	89
PID 4952 wrote to memory of 3416	4952	6533e0398d6c4234c10b0a1c421bcdc1.exe	89

C:\Users\Admin\AppData\Local\Temp\6533e0398d6c4234c10b0a1c421bcdc1.exe
"C:\Users\Admin\AppData\Local\Temp\6533e0398d6c4234c10b0a1c421bcdc1.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Users\Admin\AppData\Local\Temp\6533e0398d6c4234c10b0a1c421bcdc1.exe
  C:\Users\Admin\AppData\Local\Temp\6533e0398d6c4234c10b0a1c421bcdc1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6533e0398d6c4234c10b0a1c421bcdc1.exe

Filesize
784KB

MD5
6384a0b327e8373c4dae52a10f4b0243

SHA1
3bb9c8a657242fb01a3a92ece7581e0cf1f0a832

SHA256
efa6b728f8d2d87f9be8f5f25dd7e2d6553fb554688c886c3e336bb87de71154

SHA512
d1e5245e407e145a4f7b5535f8830b3e8d42e6b2535881b8b66ac8d740c04baac276e4854f170056fe3787cc0881251feafa0d3ebd048099ca58f2608a1d24c7

Download Submit
memory/3416-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3416-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3416-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3416-20-0x00000000053A0000-0x0000000005533000-memory.dmp

Filesize
1.6MB

Download
memory/3416-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3416-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4952-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4952-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4952-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4952-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download