xmrig | a6be60ef672da3c4571107cc04b1eb44863c2a2e064d094223e9ec0cf575b10e

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 09:27

Target

9b511b322382e94cae2587c858ad5b36.exe
Size

784KB
MD5

9b511b322382e94cae2587c858ad5b36
SHA1

d6cd7f9b5b1154aa31083b1dc8acadb455a2eab8
SHA256

a6be60ef672da3c4571107cc04b1eb44863c2a2e064d094223e9ec0cf575b10e
SHA512

a104375b2482e788822aff82939154b5d4c80b61dab42431df25879ffbd7b07536bbe6b77b23113e2d63ab8e5e9dcd11fc2dd4d8eb4a3f04707a625083da48a1
SSDEEP

12288:O/9a774vlt7rZTEpxvnWt8TKrI50/zWiNmPfuD3NlUyJWQO44gLzJl/BC9CikHe:0076tPabvWtGKrI8jhlPPJJ0sic

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2836-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2836-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3840-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3840-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3840-22-0x0000000005540000-0x00000000056D3000-memory.dmp	xmrig
behavioral2/memory/3840-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3840	9b511b322382e94cae2587c858ad5b36.exe

Executes dropped EXE 1 IoCs

pid	Process
3840	9b511b322382e94cae2587c858ad5b36.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2836-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0006000000023215-11.dat	upx
behavioral2/memory/3840-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2836	9b511b322382e94cae2587c858ad5b36.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2836	9b511b322382e94cae2587c858ad5b36.exe
3840	9b511b322382e94cae2587c858ad5b36.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 3840	2836	9b511b322382e94cae2587c858ad5b36.exe	85
PID 2836 wrote to memory of 3840	2836	9b511b322382e94cae2587c858ad5b36.exe	85
PID 2836 wrote to memory of 3840	2836	9b511b322382e94cae2587c858ad5b36.exe	85

C:\Users\Admin\AppData\Local\Temp\9b511b322382e94cae2587c858ad5b36.exe

Filesize
784KB

MD5
6b8d7a40905aae55369a55a0d4d19dad

SHA1
5268e1fa4678f966a3148c64b69e7fc13077d67b

SHA256
ad12d4b0c88265084ab0703abe08cdbcc6cffd3a8071a1a7a17093959c1752ea

SHA512
70cdbb92a158dbc952ad132db16077270b38e478a7fe18853ed4c6d6c15a69fd771126fd9ad6a6c8f78b0fe55b48468ca5698368b1faf79490b2483ba835a0b0

Download Submit
memory/2836-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2836-1-0x0000000001AB0000-0x0000000001B74000-memory.dmp

Filesize
784KB

Download
memory/2836-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2836-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3840-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3840-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3840-14-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3840-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3840-22-0x0000000005540000-0x00000000056D3000-memory.dmp

Filesize
1.6MB

Download
memory/3840-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download