Overview

overview

10

Static

static

7

748acbd2af...3b.exe

windows7-x64

10

748acbd2af...3b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 11:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    748acbd2afd6cba4dbd8b7f0a05bb43b.exe

  • Size

    784KB

  • MD5

    748acbd2afd6cba4dbd8b7f0a05bb43b

  • SHA1

    700aeb1887393cda98616d1685d7ec2ee04b478c

  • SHA256

    1fd3bf8ede5888cc6415d39a1f6458ce956a33ed452aa1725859c09167ddca5f

  • SHA512

    c4f21292bf7d317c4e69ca8e4e60b027028e730c17e5bc410f961b4fa417537988a05ba57134fbcc3bbedf78a7c216b3060b553fa90e7caf516dd150fe2835b2

  • SSDEEP

    24576:h3uLwQHzXGDq77il6jvqMWQ6LaIgxWZytdlYRn+mlB:h3awQHz0WvqMW5io84jB

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
    "C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
      C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2748

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\748acbd2afd6cba4dbd8b7f0a05bb43b.exe
          Filesize

          294KB

          MD5

          5a310855a46eb5c87abb87bb590258a7

          SHA1

          2b6447a141a4f9a7f302fdb53c3e8c5fca94bada

          SHA256

          180c28afdd5a6809221a725fc68b9e6e02cb038ea95dd6648b5774ecbfcd2ba5

          SHA512

          bc417d737e9b931b128fd8492600793ac11848d19c4cdba3fcf4fc70eaec729c572703aabbedcf4c4804c8c11dc68069fbe1c2f08d32f0b67a371d1fee67acbe

          Download Submit

        • memory/2748-13-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2748-15-0x00000000019F0000-0x0000000001AB4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/2748-14-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2748-21-0x00000000053E0000-0x0000000005573000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2748-20-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2748-30-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3300-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3300-2-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3300-1-0x00000000018E0000-0x00000000019A4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3300-12-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download