xmrig | a6be60ef672da3c4571107cc04b1eb44863c2a2e064d094223e9ec0cf575b10e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 09:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b511b322382e94cae2587c858ad5b36.exe
Size

784KB
MD5

9b511b322382e94cae2587c858ad5b36
SHA1

d6cd7f9b5b1154aa31083b1dc8acadb455a2eab8
SHA256

a6be60ef672da3c4571107cc04b1eb44863c2a2e064d094223e9ec0cf575b10e
SHA512

a104375b2482e788822aff82939154b5d4c80b61dab42431df25879ffbd7b07536bbe6b77b23113e2d63ab8e5e9dcd11fc2dd4d8eb4a3f04707a625083da48a1
SSDEEP

12288:O/9a774vlt7rZTEpxvnWt8TKrI50/zWiNmPfuD3NlUyJWQO44gLzJl/BC9CikHe:0076tPabvWtGKrI8jhlPPJJ0sic

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2076-15-0x00000000032A0000-0x00000000035B2000-memory.dmp	xmrig
behavioral1/memory/2076-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2672-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2672-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2672-25-0x0000000003100000-0x0000000003293000-memory.dmp	xmrig
behavioral1/memory/2672-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2672-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2672	9b511b322382e94cae2587c858ad5b36.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	9b511b322382e94cae2587c858ad5b36.exe

Loads dropped DLL 1 IoCs

pid	Process
2076	9b511b322382e94cae2587c858ad5b36.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012256-10.dat	upx
behavioral1/memory/2672-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2076	9b511b322382e94cae2587c858ad5b36.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2076	9b511b322382e94cae2587c858ad5b36.exe
2672	9b511b322382e94cae2587c858ad5b36.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2672	2076	9b511b322382e94cae2587c858ad5b36.exe	29
PID 2076 wrote to memory of 2672	2076	9b511b322382e94cae2587c858ad5b36.exe	29
PID 2076 wrote to memory of 2672	2076	9b511b322382e94cae2587c858ad5b36.exe	29
PID 2076 wrote to memory of 2672	2076	9b511b322382e94cae2587c858ad5b36.exe	29

C:\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe
"C:\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe
  C:\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe

Filesize
784KB

MD5
edf6617ccc51bd11687016aa31850049

SHA1
8701f4cafafbcd282a7a4c6b577f1e3d8ffe8bf7

SHA256
6aa39d34aa11d24d70ff30ae41e2b10c9a128b230a837fc5f6d983610d248921

SHA512
21be3bf9d989b8143b819636f6abe57265e03ea16fda65e5679bdc545112f3dbd771a9a6c73b80ad4ab05c72e9abce638cce938a2718ed854add6877a0be5cb6

Download Submit
memory/2076-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2076-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2076-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2076-15-0x00000000032A0000-0x00000000035B2000-memory.dmp

Filesize
3.1MB

Download
memory/2076-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2672-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2672-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2672-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2672-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2672-25-0x0000000003100000-0x0000000003293000-memory.dmp

Filesize
1.6MB

Download
memory/2672-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2672-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download