xmrig | b4d485f471ae03f05ec4a83231ca648026e0fc2690040521d1e5011969bf0065

General

Target

74f032309f78c230c748e543d1ff7f52.exe
Size

1.5MB
MD5

74f032309f78c230c748e543d1ff7f52
SHA1

e716c1929771b17b49f97d06fbf13eb31565c926
SHA256

b4d485f471ae03f05ec4a83231ca648026e0fc2690040521d1e5011969bf0065
SHA512

b49b048f3acbc7f56c4f9f137b9ab6ed836429be4dd9f083a6e07d53830de6f5bc867d12c363ee89aa4486e82592bbffdd1ffdb1525a120a5853cdba5191dcd7
SSDEEP

24576:38cEMvBbFN8jhLhXKu/SGd+rBsqlIm6DK814zChyz3hTucFf9mo+d60sq:ZjfGhLn+BsCIm6utl5nmo+dN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2512-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2512-15-0x0000000003370000-0x0000000003682000-memory.dmp	xmrig
behavioral1/memory/2512-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2732-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2732-25-0x0000000003220000-0x00000000033B3000-memory.dmp	xmrig
behavioral1/memory/2732-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2732-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe

pid process

2732 74f032309f78c230c748e543d1ff7f52.exe
Executes dropped EXE 1 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe

pid process

2732 74f032309f78c230c748e543d1ff7f52.exe
Loads dropped DLL 1 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe

pid process

2512 74f032309f78c230c748e543d1ff7f52.exe

pid	process
2732	74f032309f78c230c748e543d1ff7f52.exe

pid	process
2732	74f032309f78c230c748e543d1ff7f52.exe

pid	process
2512	74f032309f78c230c748e543d1ff7f52.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe	upx
behavioral1/memory/2732-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe

pid process

2512 74f032309f78c230c748e543d1ff7f52.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe74f032309f78c230c748e543d1ff7f52.exe

pid process

2512 74f032309f78c230c748e543d1ff7f52.exe
2732 74f032309f78c230c748e543d1ff7f52.exe

pid	process
2512	74f032309f78c230c748e543d1ff7f52.exe

pid	process
2512	74f032309f78c230c748e543d1ff7f52.exe
2732	74f032309f78c230c748e543d1ff7f52.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

74f032309f78c230c748e543d1ff7f52.exe

description	pid	process	target process
PID 2512 wrote to memory of 2732	2512	74f032309f78c230c748e543d1ff7f52.exe	74f032309f78c230c748e543d1ff7f52.exe
PID 2512 wrote to memory of 2732	2512	74f032309f78c230c748e543d1ff7f52.exe	74f032309f78c230c748e543d1ff7f52.exe
PID 2512 wrote to memory of 2732	2512	74f032309f78c230c748e543d1ff7f52.exe	74f032309f78c230c748e543d1ff7f52.exe
PID 2512 wrote to memory of 2732	2512	74f032309f78c230c748e543d1ff7f52.exe	74f032309f78c230c748e543d1ff7f52.exe

C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe
"C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2512

C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe
C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2732

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe
Filesize
104KB

MD5
167aa658e08952fe3c096b8bf356ec97

SHA1
cf5b86e8fc16e79be9bb80d78a772aef5f5d1e73

SHA256
1c30bf48e826cbba07c1769d99edd690cb5a809116b5d1f63c99df2e8f5bfc22

SHA512
ac1c137ef898b8eaecc4908e5ace7c468ecf22ecb59c680be125e566f86f48a21e4288b940f3b3e8a268533f8067083ea943e537981a9564ebbee77dc8814ed2

Download Submit
\Users\Admin\AppData\Local\Temp\74f032309f78c230c748e543d1ff7f52.exe
Filesize
69KB

MD5
d7f4d959c51c23fbb818b3bbdcdce6bc

SHA1
b0308a7bff75b19d3e6f8f46a06225c705f0e43d

SHA256
6e2de4866ff84bac34e79740e083ee3fb193bf05cd38e10b67c95631cf678e5c

SHA512
ec2450a60f081853cfa3413df8d3c95e8e504be007774c64672d8629cd88c9f2796e55caeb1d6f9c9700c82a4fc6f5c4e1b3b337eea0dc43b53fb55412dba6b9

Download Submit
memory/2512-15-0x0000000003370000-0x0000000003682000-memory.dmp

Filesize
3.1MB

Download
memory/2512-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2512-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2512-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2512-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2732-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2732-19-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2732-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2732-25-0x0000000003220000-0x00000000033B3000-memory.dmp

Filesize
1.6MB

Download
memory/2732-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2732-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads