xmrig | bb8d216ad535d6fc6aca2c1cebf9fc015d2b973ae7dd45afddce8a9dfbdf8780

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9763107ac8985b2bf1d4c28e1759a071.exe
Size

1.5MB
MD5

9763107ac8985b2bf1d4c28e1759a071
SHA1

14a342358e9eb0537ab44180ee2720426058cafd
SHA256

bb8d216ad535d6fc6aca2c1cebf9fc015d2b973ae7dd45afddce8a9dfbdf8780
SHA512

f9b0ee6d3dd4004537fcc440b1b195f8a4aee5fd65b5bcd02626302bd3456616322856cfc42f2053205d8a9bd9c78324b7eec95d925202afb7c0eb7eb915e6d2
SSDEEP

49152:uyPET03p1HB9pneVHDDBZgG51ROYODjZD4pNO4:LEQpRA751uR8pY4

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4188-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3696-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3696-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3696-21-0x0000000005400000-0x0000000005593000-memory.dmp	xmrig
behavioral2/memory/3696-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3696	9763107ac8985b2bf1d4c28e1759a071.exe

Executes dropped EXE 1 IoCs

pid	Process
3696	9763107ac8985b2bf1d4c28e1759a071.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4188-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000700000002321a-11.dat	upx
behavioral2/memory/3696-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4188	9763107ac8985b2bf1d4c28e1759a071.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4188	9763107ac8985b2bf1d4c28e1759a071.exe
3696	9763107ac8985b2bf1d4c28e1759a071.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 3696	4188	9763107ac8985b2bf1d4c28e1759a071.exe	84
PID 4188 wrote to memory of 3696	4188	9763107ac8985b2bf1d4c28e1759a071.exe	84
PID 4188 wrote to memory of 3696	4188	9763107ac8985b2bf1d4c28e1759a071.exe	84

C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
"C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
  C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9763107ac8985b2bf1d4c28e1759a071.exe

Filesize
784KB

MD5
806345cbe11351c040cf076cb95c632a

SHA1
26e2681ac31b268ec4dc9de45718a2fa8c6f36e9

SHA256
81955478b558e9217e58257af1e5412c723861670bd319ca9f85bbd145e60509

SHA512
1d4604a5f58441052d986e2a220bb6228f6b6784ef1a0337f8f79ed97faae79812f3416cd0d6bc1b60fb31887104a6572f2d3a7f5d478106a530e25891608010

Download Submit
memory/3696-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3696-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3696-14-0x0000000001A10000-0x0000000001AD4000-memory.dmp

Filesize
784KB

Download
memory/3696-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3696-21-0x0000000005400000-0x0000000005593000-memory.dmp

Filesize
1.6MB

Download
memory/3696-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4188-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4188-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4188-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4188-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download