xmrig | bb8d216ad535d6fc6aca2c1cebf9fc015d2b973ae7dd45afddce8a9dfbdf8780

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9763107ac8985b2bf1d4c28e1759a071.exe
Size

1.5MB
MD5

9763107ac8985b2bf1d4c28e1759a071
SHA1

14a342358e9eb0537ab44180ee2720426058cafd
SHA256

bb8d216ad535d6fc6aca2c1cebf9fc015d2b973ae7dd45afddce8a9dfbdf8780
SHA512

f9b0ee6d3dd4004537fcc440b1b195f8a4aee5fd65b5bcd02626302bd3456616322856cfc42f2053205d8a9bd9c78324b7eec95d925202afb7c0eb7eb915e6d2
SSDEEP

49152:uyPET03p1HB9pneVHDDBZgG51ROYODjZD4pNO4:LEQpRA751uR8pY4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2040-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2040-15-0x00000000033F0000-0x0000000003702000-memory.dmp	xmrig
behavioral1/memory/2040-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2716-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2716-26-0x00000000030D0000-0x0000000003263000-memory.dmp	xmrig
behavioral1/memory/2716-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2716-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2716	9763107ac8985b2bf1d4c28e1759a071.exe

Executes dropped EXE 1 IoCs

pid	Process
2716	9763107ac8985b2bf1d4c28e1759a071.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	9763107ac8985b2bf1d4c28e1759a071.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0008000000012248-16.dat	upx
behavioral1/memory/2716-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0008000000012248-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2040	9763107ac8985b2bf1d4c28e1759a071.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2040	9763107ac8985b2bf1d4c28e1759a071.exe
2716	9763107ac8985b2bf1d4c28e1759a071.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2716	2040	9763107ac8985b2bf1d4c28e1759a071.exe	29
PID 2040 wrote to memory of 2716	2040	9763107ac8985b2bf1d4c28e1759a071.exe	29
PID 2040 wrote to memory of 2716	2040	9763107ac8985b2bf1d4c28e1759a071.exe	29
PID 2040 wrote to memory of 2716	2040	9763107ac8985b2bf1d4c28e1759a071.exe	29

C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
"C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
  C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe

Filesize
784KB

MD5
def83ecda18de227bfe3fedb0fb96e6f

SHA1
e67301fab4879ee9600c0115cb7f8ae983f58c90

SHA256
bb047a70348ce01ff5be5e05277f324b7d0088e33e553a0f35ef309468f2ca6e

SHA512
c162bebf21b390167db82faf820a5c44b41a5b35ce8be7d24c99eaef2dfa391ba01de282c01d4d1e06775b336ae440ee54dbb0a0ea434b04eaaf267f95352d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe

Filesize
668KB

MD5
98e1d85d337a614d6161eefcbec7c110

SHA1
38897e7b01f78580dbc1e9d3c81fe3e7d430332d

SHA256
5f9d15c4cb70d4b0c6cfeb9a0ebded92b95488a5f486fd22a104a5efbaf7bb43

SHA512
dffb60281c1cc363dcae9425102680428ac3df1f8bdc553e2b3a9f43578bcd4bd5b64b5cfd30faaa854cc6991876df3eca2e39bdf9e8c1474eb909ad8f7c9d97

Download Submit
memory/2040-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2040-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2040-15-0x00000000033F0000-0x0000000003702000-memory.dmp

Filesize
3.1MB

Download
memory/2040-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2040-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2040-36-0x00000000033F0000-0x0000000003702000-memory.dmp

Filesize
3.1MB

Download
memory/2716-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2716-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2716-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2716-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2716-26-0x00000000030D0000-0x0000000003263000-memory.dmp

Filesize
1.6MB

Download
memory/2716-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2716-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download