xmrig | b359491c18a2c60d8cea6d280388636b14dd41e3ca860bedfd311b6d1503de65

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a06a571909d4b21f54342d74f27f116b.exe
Size

784KB
MD5

a06a571909d4b21f54342d74f27f116b
SHA1

6752c60acc86d6d62ff8ed1e556829f5ff60192f
SHA256

b359491c18a2c60d8cea6d280388636b14dd41e3ca860bedfd311b6d1503de65
SHA512

cc5633a64971eb89846391e627535dfde5c71ab0cbb12663da94f3203f0d31fc20f2bdc07d225db18bbb945cd5fbb1c9e8bfdf72b527bbf2de752aeea4bc7cb4
SSDEEP

12288:aoEJtJX+TF23MukGbGuQ9NVnirrjgmf/IgTAmHJqs2Gtmtm2KN7Ovewmgz6F+9:9sX+RBAbGuQ9PiIghpqr5twN7Ohg

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2208-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2208-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1692-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1692-20-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/1692-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1692-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1692	a06a571909d4b21f54342d74f27f116b.exe

Executes dropped EXE 1 IoCs

pid	Process
1692	a06a571909d4b21f54342d74f27f116b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2208-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00070000000230ff-11.dat	upx
behavioral2/memory/1692-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2208	a06a571909d4b21f54342d74f27f116b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2208	a06a571909d4b21f54342d74f27f116b.exe
1692	a06a571909d4b21f54342d74f27f116b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1692	2208	a06a571909d4b21f54342d74f27f116b.exe	81
PID 2208 wrote to memory of 1692	2208	a06a571909d4b21f54342d74f27f116b.exe	81
PID 2208 wrote to memory of 1692	2208	a06a571909d4b21f54342d74f27f116b.exe	81

C:\Users\Admin\AppData\Local\Temp\a06a571909d4b21f54342d74f27f116b.exe
"C:\Users\Admin\AppData\Local\Temp\a06a571909d4b21f54342d74f27f116b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\a06a571909d4b21f54342d74f27f116b.exe
  C:\Users\Admin\AppData\Local\Temp\a06a571909d4b21f54342d74f27f116b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a06a571909d4b21f54342d74f27f116b.exe

Filesize
589KB

MD5
da711c5455bdd7a61959327606d9504c

SHA1
952355e8e26661531122cb9638648fb730c978da

SHA256
ec60dd6d279bd52484ffb58e68ec4c2aca81b5c6d7165c4c0c9d1e21d8d77b02

SHA512
7caf9d51d947e45f6f5b23e73a58f2fc5bd87fcce5edbc52b22ac86ce8b29a5f8f243b4e954ad6252ba2ec691bae0f68f56a017fd22fc34fc2f229e22239965c

Download Submit
memory/1692-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1692-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1692-14-0x00000000019E0000-0x0000000001AA4000-memory.dmp

Filesize
784KB

Download
memory/1692-20-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/1692-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1692-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2208-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2208-1-0x00000000018F0000-0x00000000019B4000-memory.dmp

Filesize
784KB

Download
memory/2208-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2208-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download