xmrig | 9d74c17ea83fa6d91fbaa86791a0ec23d79037a3f85ba5cbbb0351a4373ecab2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73a994c4c63dfe5b9a77167771730a21.exe
Size

784KB
MD5

73a994c4c63dfe5b9a77167771730a21
SHA1

31ed62ad7f2c36b89efb1df5eebabbccf83ea367
SHA256

9d74c17ea83fa6d91fbaa86791a0ec23d79037a3f85ba5cbbb0351a4373ecab2
SHA512

9048cde7f1d33776247e982fdfd97df072cf14c4b79e72b50f3f50a69148df625730693b3f382768af7bc49a01d5b1aa0819c735e590243d0aa76c103ce37598
SSDEEP

12288:F/CQTSHRAQ7qqDHf7enLhcOV0BplUxVn8Gp73VespzwmgLznz+1bQ/g:F/0A/5Vr0B81dKlzne

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 9 IoCs

miner

resource	yara_rule
behavioral1/memory/2360-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2360-16-0x0000000003160000-0x0000000003472000-memory.dmp	xmrig
behavioral1/memory/2352-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2352-18-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2360-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2352-26-0x0000000003250000-0x00000000033E3000-memory.dmp	xmrig
behavioral1/memory/2352-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2352-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2352-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2352	73a994c4c63dfe5b9a77167771730a21.exe

Executes dropped EXE 1 IoCs

pid	Process
2352	73a994c4c63dfe5b9a77167771730a21.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	73a994c4c63dfe5b9a77167771730a21.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000014120-10.dat	upx
behavioral1/files/0x0009000000014120-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2360	73a994c4c63dfe5b9a77167771730a21.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2360	73a994c4c63dfe5b9a77167771730a21.exe
2352	73a994c4c63dfe5b9a77167771730a21.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2352	2360	73a994c4c63dfe5b9a77167771730a21.exe	29
PID 2360 wrote to memory of 2352	2360	73a994c4c63dfe5b9a77167771730a21.exe	29
PID 2360 wrote to memory of 2352	2360	73a994c4c63dfe5b9a77167771730a21.exe	29
PID 2360 wrote to memory of 2352	2360	73a994c4c63dfe5b9a77167771730a21.exe	29

C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe
"C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe
  C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe

Filesize
427KB

MD5
bcbf35c4bfa818620d898c3036bf3bc5

SHA1
8db1268f4b1e046fbebdf609e37aebdfa079d869

SHA256
36bcc901daadb07c0429b0d6bd73f3fccb399cadeade13ad857b97062cd0c45f

SHA512
e84bc8ac7c3e05d46f3735e4dd9aded96cdd5d3bd1b28161ea2f6a7c39d4593f26698f04bbcdf68f7a4e53440c15d592df78f569324e726051eb5e1db73dc94c

Download Submit
\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe

Filesize
739KB

MD5
e0dc4507e99841d6661a470d5afebf79

SHA1
e4289ced085f55003cf4d63461b97dc3300235a0

SHA256
995f4cc34da2f042b4d3aabd486aab7497263cea1e441ab12ba961f9d836fec9

SHA512
c08c65d1fd37555276ad355c14d58b0ba642220508460f67f4b2680b4bc63e6b515c259ef43e5ab9067e0f9b1b0c7740071265f3394819b867806325cc3c0e38

Download Submit
memory/2352-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2352-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2352-20-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2352-26-0x0000000003250000-0x00000000033E3000-memory.dmp

Filesize
1.6MB

Download
memory/2352-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2352-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2352-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2360-4-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2360-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2360-16-0x0000000003160000-0x0000000003472000-memory.dmp

Filesize
3.1MB

Download
memory/2360-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2360-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download