xmrig | df01a9db51da6307b2882563d5667540bbd38be2d70b283fa57d0aca23ae2b70

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75233361f8d5a0995275105cb989100c.exe
Size

784KB
MD5

75233361f8d5a0995275105cb989100c
SHA1

e2a5289518fc54a9df1b412f7f7ecf02d0ff03f1
SHA256

df01a9db51da6307b2882563d5667540bbd38be2d70b283fa57d0aca23ae2b70
SHA512

e46f4c204b25d17a45406dad11794a80e2ed38bc622d160a33253e3e4b8cff7345d7f77eefe3f3766ae9862a0cea6d1e92479133e8726bff27310584d50c6ecf
SSDEEP

12288:T+/b0mtirCORKXydUf0BPCaCRHy1zkqbCWGxiva8tUaZdMgSSICq5QIlA:TsxLyyf0BPCauqbChsi8t/dMgm5QIlA

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2256-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2256-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1128-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1128-25-0x00000000031B0000-0x0000000003343000-memory.dmp	xmrig
behavioral1/memory/1128-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1128-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1128	75233361f8d5a0995275105cb989100c.exe

Executes dropped EXE 1 IoCs

pid	Process
1128	75233361f8d5a0995275105cb989100c.exe

Loads dropped DLL 1 IoCs

pid	Process
2256	75233361f8d5a0995275105cb989100c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2256-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012242-10.dat	upx
behavioral1/memory/1128-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2256-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2256	75233361f8d5a0995275105cb989100c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2256	75233361f8d5a0995275105cb989100c.exe
1128	75233361f8d5a0995275105cb989100c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1128	2256	75233361f8d5a0995275105cb989100c.exe	29
PID 2256 wrote to memory of 1128	2256	75233361f8d5a0995275105cb989100c.exe	29
PID 2256 wrote to memory of 1128	2256	75233361f8d5a0995275105cb989100c.exe	29
PID 2256 wrote to memory of 1128	2256	75233361f8d5a0995275105cb989100c.exe	29

C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
"C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
  C:\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\75233361f8d5a0995275105cb989100c.exe

Filesize
784KB

MD5
63266444236db2ae6256253e0fbd560a

SHA1
5b4b25cb69f66e678c95599785ce65c15892da4e

SHA256
d9c4c4704d23c18381793b5daf0fe172bca38c3f7b064f163630d80a8ff225d2

SHA512
5f32372ecf08c827fe1788f22b5ce357d0c0b55552e64fd74d51d9bc5944f6c42779d700348e7cf60139e715b80fba58aa6df1cafbe387f98a86d6581041b4d5

Download Submit
memory/1128-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1128-20-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1128-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1128-25-0x00000000031B0000-0x0000000003343000-memory.dmp

Filesize
1.6MB

Download
memory/1128-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1128-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2256-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2256-2-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2256-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2256-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2256-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download