xmrig | 9d74c17ea83fa6d91fbaa86791a0ec23d79037a3f85ba5cbbb0351a4373ecab2

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 03:51

Target

73a994c4c63dfe5b9a77167771730a21.exe
Size

784KB
MD5

73a994c4c63dfe5b9a77167771730a21
SHA1

31ed62ad7f2c36b89efb1df5eebabbccf83ea367
SHA256

9d74c17ea83fa6d91fbaa86791a0ec23d79037a3f85ba5cbbb0351a4373ecab2
SHA512

9048cde7f1d33776247e982fdfd97df072cf14c4b79e72b50f3f50a69148df625730693b3f382768af7bc49a01d5b1aa0819c735e590243d0aa76c103ce37598
SSDEEP

12288:F/CQTSHRAQ7qqDHf7enLhcOV0BplUxVn8Gp73VespzwmgLznz+1bQ/g:F/0A/5Vr0B81dKlzne

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4908-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4908-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/412-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/412-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/412-20-0x0000000005490000-0x0000000005623000-memory.dmp	xmrig
behavioral2/memory/412-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
412	73a994c4c63dfe5b9a77167771730a21.exe

Executes dropped EXE 1 IoCs

pid	Process
412	73a994c4c63dfe5b9a77167771730a21.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4908-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002320a-11.dat	upx
behavioral2/memory/412-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4908	73a994c4c63dfe5b9a77167771730a21.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4908	73a994c4c63dfe5b9a77167771730a21.exe
412	73a994c4c63dfe5b9a77167771730a21.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 412	4908	73a994c4c63dfe5b9a77167771730a21.exe	87
PID 4908 wrote to memory of 412	4908	73a994c4c63dfe5b9a77167771730a21.exe	87
PID 4908 wrote to memory of 412	4908	73a994c4c63dfe5b9a77167771730a21.exe	87

C:\Users\Admin\AppData\Local\Temp\73a994c4c63dfe5b9a77167771730a21.exe

Filesize
393KB

MD5
185433c718193dd5a268fd1fab5faf35

SHA1
8a5b1cb0be243ee28b8337b1ba1e904c1592dbbb

SHA256
97f147f9b908dee9a7703c79bf085c1928744467a9e7595b1e9b41e4edfaf388

SHA512
06002c59de98b75eef8be113bf8f8dd15e09b6c043fa73b78cd23add8ef24c32a68f90c9b59f3d245394b18b9370ec706e6bf99d97ea596132466169392feba3

Download Submit
memory/412-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/412-16-0x00000000018D0000-0x0000000001994000-memory.dmp

Filesize
784KB

Download
memory/412-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/412-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/412-20-0x0000000005490000-0x0000000005623000-memory.dmp

Filesize
1.6MB

Download
memory/412-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4908-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4908-1-0x00000000017F0000-0x00000000018B4000-memory.dmp

Filesize
784KB

Download
memory/4908-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4908-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download