xmrig | 8106d4810e8aa0495fb4e189a6d094406af39589d477f5c1231e05fc48224ed9

Analysis

max time kernel
135s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75568fb45c337afc805104d6fde8bc6c.exe
Size

784KB
MD5

75568fb45c337afc805104d6fde8bc6c
SHA1

95502e21620f9f2094ecf14c0b97cbbba2ab6e0a
SHA256

8106d4810e8aa0495fb4e189a6d094406af39589d477f5c1231e05fc48224ed9
SHA512

1912cb67900df10e089ed95e6096d36f3c4e1fab2947a9ff4dba13fb5adde39cbac727c417d432449ee95c2d6f50ad4de13da056a08755a86cf6ce656261f098
SSDEEP

24576:51JkiUj0ULvQdVv0fjfIPH77O6DuxM4qF:HJkiC08QdVvHH3O6J4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3456-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3456-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4504-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4504-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4504-22-0x00000000053E0000-0x0000000005573000-memory.dmp	xmrig
behavioral2/memory/4504-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4504	75568fb45c337afc805104d6fde8bc6c.exe

Executes dropped EXE 1 IoCs

pid	Process
4504	75568fb45c337afc805104d6fde8bc6c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3456-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000700000002304b-11.dat	upx
behavioral2/memory/4504-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3456	75568fb45c337afc805104d6fde8bc6c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3456	75568fb45c337afc805104d6fde8bc6c.exe
4504	75568fb45c337afc805104d6fde8bc6c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 4504	3456	75568fb45c337afc805104d6fde8bc6c.exe	89
PID 3456 wrote to memory of 4504	3456	75568fb45c337afc805104d6fde8bc6c.exe	89
PID 3456 wrote to memory of 4504	3456	75568fb45c337afc805104d6fde8bc6c.exe	89

C:\Users\Admin\AppData\Local\Temp\75568fb45c337afc805104d6fde8bc6c.exe
"C:\Users\Admin\AppData\Local\Temp\75568fb45c337afc805104d6fde8bc6c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Users\Admin\AppData\Local\Temp\75568fb45c337afc805104d6fde8bc6c.exe
  C:\Users\Admin\AppData\Local\Temp\75568fb45c337afc805104d6fde8bc6c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\75568fb45c337afc805104d6fde8bc6c.exe

Filesize
784KB

MD5
de7881eedfd99b377a1781e76f256c1f

SHA1
20ee8ec5555929fb7fd36caa9142cd586ce4ec9b

SHA256
20c6b650e487ee7d2ce5410b9c6e1e5b01023bb5390949ff4fc27a4a82685bac

SHA512
dbd05113fc7adde28f8347cbf616558602f8a99435e51432a9c62939f8bcd588d62d55b2be192d16807d848475277fb15b3d99ba7c8928e7987c1d87b9dbafe7

Download Submit
memory/3456-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3456-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3456-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3456-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4504-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4504-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4504-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4504-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4504-22-0x00000000053E0000-0x0000000005573000-memory.dmp

Filesize
1.6MB

Download
memory/4504-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download