xmrig | a6ec206eea7b857bd87e00ad0d66ff5f82d14953984c578bb6a3de0ca3631e75

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67a724067571a1a716ebc5e9a14a4243.exe
Size

784KB
MD5

67a724067571a1a716ebc5e9a14a4243
SHA1

584e1bf60f0826c6ce7a2552e4322ec7874eebb6
SHA256

a6ec206eea7b857bd87e00ad0d66ff5f82d14953984c578bb6a3de0ca3631e75
SHA512

e6f6e83712864e546cc17d135f112124ddbcd4ad5a98fa6b18467477da7122ac14ac0616cc33be624ccab4c7da66fc7b32e5124f523b5796d65373d3c3a1c5ec
SSDEEP

12288:VkWLkT2kMoA/Bfum/8q4+5E8OiyD1rEgnjJald1G1zshb5mZfYT5+7IBRPZO1/RZ:fLki7odg8mE79FLc01zsCGtz2/YB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4712-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4712-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1928-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1928-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1928-22-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/1928-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1928	67a724067571a1a716ebc5e9a14a4243.exe

Executes dropped EXE 1 IoCs

pid	Process
1928	67a724067571a1a716ebc5e9a14a4243.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4712-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002320c-11.dat	upx
behavioral2/memory/1928-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4712	67a724067571a1a716ebc5e9a14a4243.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4712	67a724067571a1a716ebc5e9a14a4243.exe
1928	67a724067571a1a716ebc5e9a14a4243.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 1928	4712	67a724067571a1a716ebc5e9a14a4243.exe	88
PID 4712 wrote to memory of 1928	4712	67a724067571a1a716ebc5e9a14a4243.exe	88
PID 4712 wrote to memory of 1928	4712	67a724067571a1a716ebc5e9a14a4243.exe	88

C:\Users\Admin\AppData\Local\Temp\67a724067571a1a716ebc5e9a14a4243.exe
"C:\Users\Admin\AppData\Local\Temp\67a724067571a1a716ebc5e9a14a4243.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Users\Admin\AppData\Local\Temp\67a724067571a1a716ebc5e9a14a4243.exe
  C:\Users\Admin\AppData\Local\Temp\67a724067571a1a716ebc5e9a14a4243.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\67a724067571a1a716ebc5e9a14a4243.exe

Filesize
340KB

MD5
bac9a0ffc8de3f0b8f597cdf78c0d07a

SHA1
a2cb86c28a66849646d365b25161b25dbbf7eef1

SHA256
ad8b6d199cd320911521ed7dd84235a904fa12f5f8bd1bb77de0b79d5950820a

SHA512
00432d587e91a9f9034a354205da4b98c07dcf220247c293c963a35a5ffbfb2856ef6bd77f7ca752ad3734ab2d74eb5bc9b9c0f0a3c462390ea4af2f2fab6224

Download Submit
memory/1928-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1928-16-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/1928-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1928-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1928-22-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/1928-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4712-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4712-1-0x0000000001A40000-0x0000000001B04000-memory.dmp

Filesize
784KB

Download
memory/4712-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4712-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download