xmrig | 8632305997511d2b833babf4dfe525fd972380f5b855179139c97ff69228fdb2

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 22:13

Target

97bd55a5acc3151e20d4c969e625180c.exe
Size

784KB
MD5

97bd55a5acc3151e20d4c969e625180c
SHA1

cb3cfeb2e90207c32913dd2f2b913c846f722dc9
SHA256

8632305997511d2b833babf4dfe525fd972380f5b855179139c97ff69228fdb2
SHA512

7debcb7e90ad1fb9d4ea08ef2e63928280f85862f21c64de42586f87628b9084f803fff1415d7eb0a3514b2a9531bd85683f68ca8ac69d09998a2836571b653e
SSDEEP

24576:eh+w9voUDlfHpMTjFbHrBfWhP1Ww19gwTP:eh+w9voUET1BfWJ1Wwbga

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/736-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/736-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3528-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3528-21-0x0000000005430000-0x00000000055C3000-memory.dmp	xmrig
behavioral2/memory/3528-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3528-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3528	97bd55a5acc3151e20d4c969e625180c.exe

Executes dropped EXE 1 IoCs

pid	Process
3528	97bd55a5acc3151e20d4c969e625180c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/736-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023229-11.dat	upx
behavioral2/memory/3528-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
736	97bd55a5acc3151e20d4c969e625180c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
736	97bd55a5acc3151e20d4c969e625180c.exe
3528	97bd55a5acc3151e20d4c969e625180c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 3528	736	97bd55a5acc3151e20d4c969e625180c.exe	85
PID 736 wrote to memory of 3528	736	97bd55a5acc3151e20d4c969e625180c.exe	85
PID 736 wrote to memory of 3528	736	97bd55a5acc3151e20d4c969e625180c.exe	85

C:\Users\Admin\AppData\Local\Temp\97bd55a5acc3151e20d4c969e625180c.exe

Filesize
784KB

MD5
a866eb33f953756acff641b8955b924a

SHA1
1a35d010f8c8bf18633a0221f3722427ea1aa612

SHA256
8faf9c9f1ac0e14ab1498781189f1f6b404197db3ca7251621faa4f3262142eb

SHA512
43d59e9742de8b6c1249947a7b278df79d1b62841fbc68aa8346bc26d1eafbd02fddc238695bd77b64e5751feb339eceaca53882c9d257c2a7c16bd2343a5052

Download Submit
memory/736-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/736-1-0x0000000001AB0000-0x0000000001B74000-memory.dmp

Filesize
784KB

Download
memory/736-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/736-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3528-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3528-15-0x00000000018C0000-0x0000000001984000-memory.dmp

Filesize
784KB

Download
memory/3528-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3528-21-0x0000000005430000-0x00000000055C3000-memory.dmp

Filesize
1.6MB

Download
memory/3528-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3528-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download