xmrig | 17d596da882046a3e342c9cac40febff9ce88e5a82bfb217a3aa965594f47d94

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66edd7c524799d74f7dba3e99d9d4d62.exe
Size

784KB
MD5

66edd7c524799d74f7dba3e99d9d4d62
SHA1

34d5f8a62fc82d641ba80a6f34f2b90930740100
SHA256

17d596da882046a3e342c9cac40febff9ce88e5a82bfb217a3aa965594f47d94
SHA512

6062f9b202a97f723ee2dbc73fddfbd605050434c50a1c0b5548af766958fc0afde5e84e4e4769306898ab156028d009bc6ce85a50770021ea779561137ee039
SSDEEP

24576:j4gSQnJRAuYwlJ/vfdG5swME50wZNjmiYSbu+:8gSQoudZQ5xME9jmR

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1016-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2088-16-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2088-22-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2088-23-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2088-32-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1016-33-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2088	66edd7c524799d74f7dba3e99d9d4d62.exe

Executes dropped EXE 1 IoCs

pid	Process
2088	66edd7c524799d74f7dba3e99d9d4d62.exe

Loads dropped DLL 1 IoCs

pid	Process
1016	66edd7c524799d74f7dba3e99d9d4d62.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1016-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/memory/2088-15-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1016	66edd7c524799d74f7dba3e99d9d4d62.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1016	66edd7c524799d74f7dba3e99d9d4d62.exe
2088	66edd7c524799d74f7dba3e99d9d4d62.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 2088	1016	66edd7c524799d74f7dba3e99d9d4d62.exe	29
PID 1016 wrote to memory of 2088	1016	66edd7c524799d74f7dba3e99d9d4d62.exe	29
PID 1016 wrote to memory of 2088	1016	66edd7c524799d74f7dba3e99d9d4d62.exe	29
PID 1016 wrote to memory of 2088	1016	66edd7c524799d74f7dba3e99d9d4d62.exe	29

C:\Users\Admin\AppData\Local\Temp\66edd7c524799d74f7dba3e99d9d4d62.exe
"C:\Users\Admin\AppData\Local\Temp\66edd7c524799d74f7dba3e99d9d4d62.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\66edd7c524799d74f7dba3e99d9d4d62.exe
  C:\Users\Admin\AppData\Local\Temp\66edd7c524799d74f7dba3e99d9d4d62.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\66edd7c524799d74f7dba3e99d9d4d62.exe

Filesize
784KB

MD5
a52a7ac1da880388a0c0bcd7d2b29d08

SHA1
5c9794f908e6d0dd7b0ee3c632dc217db6871c71

SHA256
7c7f4a1f6b809030c5cdb464e762c76456aba105f71a9bf0ca98a88eba3e4a43

SHA512
efdf0faea4698c68b4bf087fcb3445eda1f8cca11c7543aca729b1eae25e104e007ac1f962d52e6c964d774f21d095b677de85ca1800ba2c45b74ec9b29fcd1b

Download Submit
memory/1016-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1016-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/1016-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1016-33-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2088-15-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2088-16-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2088-17-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2088-22-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2088-23-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2088-32-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download