xmrig | 02924ebd122b1c606b6796bdf1acd196a2a80bee75ecbb826f02f428e71cc58d

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75206e7dddfbd0380a246fa714e8c6d3.exe
Size

784KB
MD5

75206e7dddfbd0380a246fa714e8c6d3
SHA1

91839ed67fe4261f39786ee1ba0f474e5beae9e7
SHA256

02924ebd122b1c606b6796bdf1acd196a2a80bee75ecbb826f02f428e71cc58d
SHA512

c0f2fe4502613fdfd066b7b47e480d8810fdc966b53c7f8d7e1e251e6cda4150a414e145fbea4d95fd9f16028ec27ff054182f25b8b09d1f5e7d5686b78bc4cd
SSDEEP

12288:Vd0reE0N0+Q/Pa+HWBrNUCWEzukNEaZgnU93DrXn9e0V7X2+yi:w6IBXxQUS/gniDrXnhVj

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/456-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/456-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2448-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2448-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2448-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2448-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2448-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2448	75206e7dddfbd0380a246fa714e8c6d3.exe

Executes dropped EXE 1 IoCs

pid	Process
2448	75206e7dddfbd0380a246fa714e8c6d3.exe

Loads dropped DLL 1 IoCs

pid	Process
456	75206e7dddfbd0380a246fa714e8c6d3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/456-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/memory/456-15-0x0000000003180000-0x0000000003492000-memory.dmp	upx
behavioral1/memory/2448-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
456	75206e7dddfbd0380a246fa714e8c6d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
456	75206e7dddfbd0380a246fa714e8c6d3.exe
2448	75206e7dddfbd0380a246fa714e8c6d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 2448	456	75206e7dddfbd0380a246fa714e8c6d3.exe	29
PID 456 wrote to memory of 2448	456	75206e7dddfbd0380a246fa714e8c6d3.exe	29
PID 456 wrote to memory of 2448	456	75206e7dddfbd0380a246fa714e8c6d3.exe	29
PID 456 wrote to memory of 2448	456	75206e7dddfbd0380a246fa714e8c6d3.exe	29

C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
"C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
  C:\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\75206e7dddfbd0380a246fa714e8c6d3.exe

Filesize
784KB

MD5
4f8e223b5c9bc21a6b095d2036939123

SHA1
2e8961f93ada53db28a889fca7aaea9226bad76c

SHA256
ad619bd984d065dd3c0f5290a75b2cbd368bbd151e072474de0a2e886695452c

SHA512
8de1c2f0db86f6db9806ccc4856952b87433f51d289a08484ae18f1b8f297a66959c112db50b2d00d4e02157449a99921083ad74947426c5ef69ffa41dc60d72

Download Submit
memory/456-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/456-3-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/456-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/456-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/456-15-0x0000000003180000-0x0000000003492000-memory.dmp

Filesize
3.1MB

Download
memory/2448-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2448-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2448-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2448-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2448-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2448-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2448-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download