xmrig | 143d30dd469de38126c66fafcb9a0efa3394caba1705b7654ada1afda2da270a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

684a09c062742f6032ea7f8b4a642d3d.exe
Size

784KB
MD5

684a09c062742f6032ea7f8b4a642d3d
SHA1

343f8bb1b913c8b9417458dc8e432a0ce1b51526
SHA256

143d30dd469de38126c66fafcb9a0efa3394caba1705b7654ada1afda2da270a
SHA512

e27d73a265eb43405a0b45f00869dc9502186722b40580c361ea2e51cb29aebee5db0032611f5bdd6a36efa53cab9d9a77691e5dce2886929175b3ac883172b9
SSDEEP

24576:Bto8plYP6wbGpa5KyohY5EwFna016cvsmKHe:Ho8HO6IGij78CvS+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2356-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2112-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2356-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2112-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2112-29-0x0000000003210000-0x00000000033A3000-memory.dmp	xmrig
behavioral1/memory/2112-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2112	684a09c062742f6032ea7f8b4a642d3d.exe

Executes dropped EXE 1 IoCs

pid	Process
2112	684a09c062742f6032ea7f8b4a642d3d.exe

Loads dropped DLL 1 IoCs

pid	Process
2356	684a09c062742f6032ea7f8b4a642d3d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2356-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx
behavioral1/files/0x000b000000012251-16.dat	upx
behavioral1/memory/2112-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2356-15-0x00000000032C0000-0x00000000035D2000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2356	684a09c062742f6032ea7f8b4a642d3d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2356	684a09c062742f6032ea7f8b4a642d3d.exe
2112	684a09c062742f6032ea7f8b4a642d3d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2112	2356	684a09c062742f6032ea7f8b4a642d3d.exe	29
PID 2356 wrote to memory of 2112	2356	684a09c062742f6032ea7f8b4a642d3d.exe	29
PID 2356 wrote to memory of 2112	2356	684a09c062742f6032ea7f8b4a642d3d.exe	29
PID 2356 wrote to memory of 2112	2356	684a09c062742f6032ea7f8b4a642d3d.exe	29

C:\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe
"C:\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe
  C:\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe

Filesize
576KB

MD5
26f1082f57a028572b1d0629136c31a6

SHA1
956d9681f41c8a502431b59bb3946188c3386524

SHA256
a361fd5d906c0ba94e6b3bc8f9b17175bbbe220a423bbcd78d8764d26f543d25

SHA512
86b20fddd1a84bd66f1c45a0e0b84ccf91b935b009578c053d47185c4f02cfc14f30dd3860dd50d48ee66301b87f1979242a9d76a13b051e59486b4a05870ce6

Download Submit
\Users\Admin\AppData\Local\Temp\684a09c062742f6032ea7f8b4a642d3d.exe

Filesize
784KB

MD5
889285c6c66b4888fe28d33e093c5808

SHA1
4c31e8ee2526b5c7b160825e854afc87d3e2f8b1

SHA256
be64e5300d77e84ec510c53a04fe99f94323503d34d4bd76f8f46821d84fe8c5

SHA512
a1253be4cd10d59234ae6587adea72fcb90e8da5e63fd09f570d794b6310d2e45a2e04a57ac32e7004c7c364b47d0aecc964e7a89b7d2fff6c41e564c6834594

Download Submit
memory/2112-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2112-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2112-29-0x0000000003210000-0x00000000033A3000-memory.dmp

Filesize
1.6MB

Download
memory/2112-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2112-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2112-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2356-15-0x00000000032C0000-0x00000000035D2000-memory.dmp

Filesize
3.1MB

Download
memory/2356-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2356-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2356-3-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2356-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download