xmrig | 1fd3bf8ede5888cc6415d39a1f6458ce956a33ed452aa1725859c09167ddca5f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 11:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

748acbd2afd6cba4dbd8b7f0a05bb43b.exe
Size

784KB
MD5

748acbd2afd6cba4dbd8b7f0a05bb43b
SHA1

700aeb1887393cda98616d1685d7ec2ee04b478c
SHA256

1fd3bf8ede5888cc6415d39a1f6458ce956a33ed452aa1725859c09167ddca5f
SHA512

c4f21292bf7d317c4e69ca8e4e60b027028e730c17e5bc410f961b4fa417537988a05ba57134fbcc3bbedf78a7c216b3060b553fa90e7caf516dd150fe2835b2
SSDEEP

24576:h3uLwQHzXGDq77il6jvqMWQ6LaIgxWZytdlYRn+mlB:h3awQHz0WvqMW5io84jB

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2668-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2668-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2824-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2824-24-0x0000000003120000-0x00000000032B3000-memory.dmp	xmrig
behavioral1/memory/2824-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2824-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2824-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2824	748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Executes dropped EXE 1 IoCs

pid	Process
2824	748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Loads dropped DLL 1 IoCs

pid	Process
2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2668-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012255-10.dat	upx
behavioral1/memory/2824-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012255-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe
2824	748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2824	2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe	29
PID 2668 wrote to memory of 2824	2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe	29
PID 2668 wrote to memory of 2824	2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe	29
PID 2668 wrote to memory of 2824	2668	748acbd2afd6cba4dbd8b7f0a05bb43b.exe	29

C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
"C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
  C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Filesize
279KB

MD5
ac2a69e192a5d59e39bab4779951f8fd

SHA1
6b4cd9a5b6c9093038febd90c2a8e00d00c959f4

SHA256
f37847d56026bab5551e0401f54daeacb6ce36287f22157d5c42f7292179d388

SHA512
0e89248a3bb322e82693da52db979d666bd0db975267fffdfc75ee9c4ad5b626708e1b1197f58c5d7187f0b8e97e8d73bcf5db0c7942fcddd046bde2b87546f8

Download Submit
\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe

Filesize
493KB

MD5
79524d4a2ddff8e69dbe3010455d741d

SHA1
c8d66ed2471500000b618b8487e4f2cb89de5d07

SHA256
c728300ed6c76d04b8e4503d53a9e4c9a27201448aa1fdb8d292e280436f9c0b

SHA512
9883f13a67bf511b5462a5b9cbbb90acf1c4e9645521fbc5083f180010b9e1f271905b8d455ffb95b295250cda520c90393acdecec78488f37188ae7f036006b

Download Submit
memory/2668-3-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2668-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2668-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2668-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2824-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2824-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2824-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2824-24-0x0000000003120000-0x00000000032B3000-memory.dmp

Filesize
1.6MB

Download
memory/2824-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2824-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2824-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download