Overview

overview

10

Static

static

7

72056644ee...a3.exe

windows7-x64

10

72056644ee...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2024 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72056644ee9864265b50ff2b9a03e6a3.exe

  • Size

    784KB

  • MD5

    72056644ee9864265b50ff2b9a03e6a3

  • SHA1

    fcdd96a51d9dcf59d3f4a32b14c221556247e127

  • SHA256

    515676b985fa01a636137c37aaa68bcfd64aef9a6fd45d5df861d56c3634c5a9

  • SHA512

    44caece6fa32dc6c72d600d2e9a9684adbaaa97163c3023e16a24ee9ef34c8c43b2769c8e16253969cbdb10edd9a8318ef2559aba9340cabd6df619b77be5119

  • SSDEEP

    24576:l5oh/9Z9u1Ze1WbYOeAcArtLqm9um0T/07:roF96ueeAcArtLjUm0T/07

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72056644ee9864265b50ff2b9a03e6a3.exe
    "C:\Users\Admin\AppData\Local\Temp\72056644ee9864265b50ff2b9a03e6a3.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\72056644ee9864265b50ff2b9a03e6a3.exe
      C:\Users\Admin\AppData\Local\Temp\72056644ee9864265b50ff2b9a03e6a3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:640
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:2012
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2100

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\72056644ee9864265b50ff2b9a03e6a3.exe
      Filesize

      198KB

      MD5

      d4ab266d0dc9243985d29c1c569a0ee2

      SHA1

      b35ce61de22323ee14562a4e17763b1a607d940d

      SHA256

      b1d9461644fb79d2d09f52b262202d8c2d1896ce2e81d3e32dadb9da50178c9a

      SHA512

      f187df61c3759607db31a70e7ce3ae74fd633b727e4e458c27a792dce30cf35fae7ed2e28d269a7972154a771aea372c1280a351e80e4a2010cd9a96aff28989

      Download Submit

    • memory/640-16-0x0000000001720000-0x00000000017E4000-memory.dmp

      Filesize

      784KB

      Download

    • memory/640-30-0x0000000000400000-0x0000000000587000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/640-20-0x0000000000400000-0x0000000000587000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/640-21-0x0000000005510000-0x00000000056A3000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/640-13-0x0000000000400000-0x0000000000712000-memory.dmp

      Filesize

      3.1MB

      Download

    • memory/640-14-0x0000000000400000-0x0000000000593000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2100-47-0x000001D5B6F40000-0x000001D5B6F50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2100-31-0x000001D5B6E40000-0x000001D5B6E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2100-63-0x000001D5BF260000-0x000001D5BF261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-65-0x000001D5BF290000-0x000001D5BF291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-67-0x000001D5BF3A0000-0x000001D5BF3A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2100-66-0x000001D5BF290000-0x000001D5BF291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3016-12-0x0000000000400000-0x0000000000593000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3016-2-0x0000000000400000-0x0000000000593000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3016-1-0x0000000001900000-0x00000000019C4000-memory.dmp

      Filesize

      784KB

      Download

    • memory/3016-0-0x0000000000400000-0x0000000000712000-memory.dmp

      Filesize

      3.1MB

      Download