xmrig | a5be37c66c5edf6626a489e82ae799b82078272a907939cc4dfff88de9db3fea

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c2be69cb9a4a21dfed738c9a18cab9c.exe
Size

784KB
MD5

7c2be69cb9a4a21dfed738c9a18cab9c
SHA1

2e64ac39b0fb41fd3e32ced6adda3f15787a8594
SHA256

a5be37c66c5edf6626a489e82ae799b82078272a907939cc4dfff88de9db3fea
SHA512

f04ac7dcb4bdecb93b47b2a283f4e085121d901125d1572279b839e2eb75b6c1b0c468b5e7feafa389945646d888bb923373c646a8d517660a8567e54175b8aa
SSDEEP

12288:nIHwPIUg9TinKgbR+Jbo6cmaGLvdYrHJKko9ag8P78QhrkPQVz11jDxC6gBZlDOp:nIoY2KUgo6c8L1+p8ElPs0xMlZtPuL

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1820-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1820-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2096-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2096-24-0x0000000003200000-0x0000000003393000-memory.dmp	xmrig
behavioral1/memory/2096-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2096-33-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2096	7c2be69cb9a4a21dfed738c9a18cab9c.exe

Executes dropped EXE 1 IoCs

pid	Process
2096	7c2be69cb9a4a21dfed738c9a18cab9c.exe

Loads dropped DLL 1 IoCs

pid	Process
1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1820-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2096-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012251-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe
2096	7c2be69cb9a4a21dfed738c9a18cab9c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2096	1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe	29
PID 1820 wrote to memory of 2096	1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe	29
PID 1820 wrote to memory of 2096	1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe	29
PID 1820 wrote to memory of 2096	1820	7c2be69cb9a4a21dfed738c9a18cab9c.exe	29

C:\Users\Admin\AppData\Local\Temp\7c2be69cb9a4a21dfed738c9a18cab9c.exe
"C:\Users\Admin\AppData\Local\Temp\7c2be69cb9a4a21dfed738c9a18cab9c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Users\Admin\AppData\Local\Temp\7c2be69cb9a4a21dfed738c9a18cab9c.exe
  C:\Users\Admin\AppData\Local\Temp\7c2be69cb9a4a21dfed738c9a18cab9c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7c2be69cb9a4a21dfed738c9a18cab9c.exe

Filesize
784KB

MD5
d0513032a64b81dfd270064fe58209e6

SHA1
9229f27f8d7bf4de285191b829d2baad70a7c048

SHA256
a8ecd14967eae25eb19a4bc95cb48c1e31decc6ec72469ce5997fbeddca7f9f1

SHA512
656a7bb3e72c32e14e590947adc360e0d6249e126f8cf05b905bac7c7219a61947353329009163fcb6c3f9f690b94e25ae50183cbef517c100f7c7d9de49ff6f

Download Submit
memory/1820-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1820-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1820-1-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1820-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2096-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2096-17-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2096-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2096-24-0x0000000003200000-0x0000000003393000-memory.dmp

Filesize
1.6MB

Download
memory/2096-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2096-33-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download