xmrig | cb7ed1c76cdd4bbf84b0de028fab3623dae7793a6c19c500ca3276f542f2bb73

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

900183bac2e949308f9d1a5d85ff95a6.exe
Size

784KB
MD5

900183bac2e949308f9d1a5d85ff95a6
SHA1

79ee3f74307ac1a83695489271e56750f18f16a3
SHA256

cb7ed1c76cdd4bbf84b0de028fab3623dae7793a6c19c500ca3276f542f2bb73
SHA512

188ad8cdc6e38a6d6a049b7d62ab2954dd935f967470f8fd5b75d9a1cdc709780cd99a25139562fe777f5d4d86b033dfedd89cf1a74330f671d4e89ddad64b51
SSDEEP

12288:D2pi2+I2zscqb3z/cOQQtTxSnjmXoCa3sAQAtSBs1VSj/PKCGyjL:q02N2zw3z/c5aTx0jm4CIskH1Y3l

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2440-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2440-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2992-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2992-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2992-25-0x0000000003240000-0x00000000033D3000-memory.dmp	xmrig
behavioral1/memory/2992-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2992-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2992	900183bac2e949308f9d1a5d85ff95a6.exe

Executes dropped EXE 1 IoCs

pid	Process
2992	900183bac2e949308f9d1a5d85ff95a6.exe

Loads dropped DLL 1 IoCs

pid	Process
2440	900183bac2e949308f9d1a5d85ff95a6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2440-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012261-10.dat	upx
behavioral1/memory/2440-14-0x0000000003250000-0x0000000003562000-memory.dmp	upx
behavioral1/memory/2992-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2440	900183bac2e949308f9d1a5d85ff95a6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2440	900183bac2e949308f9d1a5d85ff95a6.exe
2992	900183bac2e949308f9d1a5d85ff95a6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2992	2440	900183bac2e949308f9d1a5d85ff95a6.exe	29
PID 2440 wrote to memory of 2992	2440	900183bac2e949308f9d1a5d85ff95a6.exe	29
PID 2440 wrote to memory of 2992	2440	900183bac2e949308f9d1a5d85ff95a6.exe	29
PID 2440 wrote to memory of 2992	2440	900183bac2e949308f9d1a5d85ff95a6.exe	29

C:\Users\Admin\AppData\Local\Temp\900183bac2e949308f9d1a5d85ff95a6.exe
"C:\Users\Admin\AppData\Local\Temp\900183bac2e949308f9d1a5d85ff95a6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\900183bac2e949308f9d1a5d85ff95a6.exe
  C:\Users\Admin\AppData\Local\Temp\900183bac2e949308f9d1a5d85ff95a6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\900183bac2e949308f9d1a5d85ff95a6.exe

Filesize
784KB

MD5
4daf8cdc1646476b29cdfb66cbd14302

SHA1
dc2bbeda2b3bdaf744331018dbe11db7f948b314

SHA256
f116192646dcb0f41927de7cc964e196e890016068e31f1924fd36a178ad7eb1

SHA512
a16a56c6e8ba22dc070a4014cff7e42e69b739c07e585536460a361100f81a6acb70328e04702904fe1afda88be9c09600bf5dddd85e58a37e2d7fb44dee3054

Download Submit
memory/2440-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2440-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2440-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2440-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2440-14-0x0000000003250000-0x0000000003562000-memory.dmp

Filesize
3.1MB

Download
memory/2992-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2992-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2992-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2992-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2992-25-0x0000000003240000-0x00000000033D3000-memory.dmp

Filesize
1.6MB

Download
memory/2992-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2992-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download