xmrig | 9591acc093289d54256ea6177c083e81a5f7f3ec77e50a9fc533d3eb5f7333f2

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e0d4df4e6f714404ef3de73b3ac23ed.exe
Size

784KB
MD5

8e0d4df4e6f714404ef3de73b3ac23ed
SHA1

e4e89bba362031ac81c4061c0e364d912051d39c
SHA256

9591acc093289d54256ea6177c083e81a5f7f3ec77e50a9fc533d3eb5f7333f2
SHA512

cad1f019abde0f717522616cfee128503f79f7fbdd54739f32b3106ab5734a76eb39d58a77bb12fc9cd16414a32bf471eca03b4a391f33730c27352bcd938a56
SSDEEP

24576:++lEpkbue2U+KWX6FZxNj7g2qPlNuznBPm9u4f1:++SkbuAycZnCPGPiXf

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2224-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2224-15-0x0000000003340000-0x0000000003652000-memory.dmp	xmrig
behavioral1/memory/2224-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1128-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1128-24-0x00000000030F0000-0x0000000003283000-memory.dmp	xmrig
behavioral1/memory/1128-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1128-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1128-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1128	8e0d4df4e6f714404ef3de73b3ac23ed.exe

Executes dropped EXE 1 IoCs

pid	Process
1128	8e0d4df4e6f714404ef3de73b3ac23ed.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012232-10.dat	upx
behavioral1/memory/1128-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe
1128	8e0d4df4e6f714404ef3de73b3ac23ed.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1128	2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe	29
PID 2224 wrote to memory of 1128	2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe	29
PID 2224 wrote to memory of 1128	2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe	29
PID 2224 wrote to memory of 1128	2224	8e0d4df4e6f714404ef3de73b3ac23ed.exe	29

C:\Users\Admin\AppData\Local\Temp\8e0d4df4e6f714404ef3de73b3ac23ed.exe
"C:\Users\Admin\AppData\Local\Temp\8e0d4df4e6f714404ef3de73b3ac23ed.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\8e0d4df4e6f714404ef3de73b3ac23ed.exe
  C:\Users\Admin\AppData\Local\Temp\8e0d4df4e6f714404ef3de73b3ac23ed.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\8e0d4df4e6f714404ef3de73b3ac23ed.exe

Filesize
784KB

MD5
bcc1e7174b35e4dea34b8929348a239b

SHA1
f0e654afbb04822dcd70e41addc55b119345e3bf

SHA256
4f55b2a774a0c575e3b0d202a9e163a6ac30bf30d083eb7d9d666762e276f01d

SHA512
601cb819714c26ce67bfb918b84b74ea3829f28e510b84e9ab47d35a7ec96fc6b8bdc05e384500e2302bf52a299d7b5ff3c676d381404603932de393136b47e2

Download Submit
memory/1128-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1128-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1128-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1128-24-0x00000000030F0000-0x0000000003283000-memory.dmp

Filesize
1.6MB

Download
memory/1128-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1128-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1128-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2224-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2224-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2224-15-0x0000000003340000-0x0000000003652000-memory.dmp

Filesize
3.1MB

Download
memory/2224-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2224-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download