xmrig | 67be85ce5ad50a03cf18c7399458f74f511e49101f8a24d3bbf29237dfc95cef

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78e3ef10f58c154093629127b5afbfea.exe
Size

784KB
MD5

78e3ef10f58c154093629127b5afbfea
SHA1

c124954fc13e0b69081ef43e47595cfd0f76f4c8
SHA256

67be85ce5ad50a03cf18c7399458f74f511e49101f8a24d3bbf29237dfc95cef
SHA512

6714430459abc8fdc56b6b9f4bd8cae3addea429f7e44527dc765894fb9ac5eb025d8c0c128adab39e9f75e24ac5847d1fcad07115fb9e7f6c13ad09e9ba66cf
SSDEEP

24576:Z2Wkdkm1EQzddfsPA0SJ+qNPfbbThlWsL:AWkdp1pdePAyqxfbhQs

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2408-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2408-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2280-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2280-25-0x0000000003130000-0x00000000032C3000-memory.dmp	xmrig
behavioral1/memory/2280-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2280-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2280-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2280	78e3ef10f58c154093629127b5afbfea.exe

Executes dropped EXE 1 IoCs

pid	Process
2280	78e3ef10f58c154093629127b5afbfea.exe

Loads dropped DLL 1 IoCs

pid	Process
2408	78e3ef10f58c154093629127b5afbfea.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/memory/2408-15-0x00000000030E0000-0x00000000033F2000-memory.dmp	upx
behavioral1/memory/2280-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2408	78e3ef10f58c154093629127b5afbfea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2408	78e3ef10f58c154093629127b5afbfea.exe
2280	78e3ef10f58c154093629127b5afbfea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2280	2408	78e3ef10f58c154093629127b5afbfea.exe	29
PID 2408 wrote to memory of 2280	2408	78e3ef10f58c154093629127b5afbfea.exe	29
PID 2408 wrote to memory of 2280	2408	78e3ef10f58c154093629127b5afbfea.exe	29
PID 2408 wrote to memory of 2280	2408	78e3ef10f58c154093629127b5afbfea.exe	29

C:\Users\Admin\AppData\Local\Temp\78e3ef10f58c154093629127b5afbfea.exe
"C:\Users\Admin\AppData\Local\Temp\78e3ef10f58c154093629127b5afbfea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\78e3ef10f58c154093629127b5afbfea.exe
  C:\Users\Admin\AppData\Local\Temp\78e3ef10f58c154093629127b5afbfea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\78e3ef10f58c154093629127b5afbfea.exe

Filesize
784KB

MD5
599de976ab1c18fbd0238fc1e347b9e5

SHA1
6418dc8a9d571c294fa8a7e7ccc6858a469027bc

SHA256
0bde295618ce14c77b7c05a723066e0b7564a17fd8e65413c114884552ede6f5

SHA512
436a78435cd99c79f86f041e3acbd34b2a95d4751e50992e895248c78430a6b736ac74a186b6d2ef72595fe75286b2742b30198c8a02bb24540893f8ffd91e29

Download Submit
memory/2280-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2280-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2280-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2280-25-0x0000000003130000-0x00000000032C3000-memory.dmp

Filesize
1.6MB

Download
memory/2280-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2280-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2280-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2408-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2408-2-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2408-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2408-15-0x00000000030E0000-0x00000000033F2000-memory.dmp

Filesize
3.1MB

Download
memory/2408-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download