xmrig | e6279b277ed0f4250a5cc0add193620e756879a780a775ed5c755bbafb1842a2

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1cc29b6d2a374643d61bafc32d6fdb2.exe
Size

784KB
MD5

a1cc29b6d2a374643d61bafc32d6fdb2
SHA1

d2a635eca6605eda4a7100dee189d32a70b25028
SHA256

e6279b277ed0f4250a5cc0add193620e756879a780a775ed5c755bbafb1842a2
SHA512

e359138b424e1fbb996141a52eaa4ee99a78c290e2077c9af71f7488f86405504c00f5a0f67a5320c4edaeee281b92bc4e1348d2b622980307606261f7356823
SSDEEP

24576:KkTSObC+byCPWaFcPjvtbaGnlBGU0hCB5gOVb6YM:nhCgcLRaGnlBGM5g2uZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2332-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2332-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1412-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1412-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1412-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/1412-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1412-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1412	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Executes dropped EXE 1 IoCs

pid	Process
1412	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000900000001224e-10.dat	upx
behavioral1/memory/2332-14-0x0000000003220000-0x0000000003532000-memory.dmp	upx
behavioral1/memory/1412-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe
1412	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1412	2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe	29
PID 2332 wrote to memory of 1412	2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe	29
PID 2332 wrote to memory of 1412	2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe	29
PID 2332 wrote to memory of 1412	2332	a1cc29b6d2a374643d61bafc32d6fdb2.exe	29

C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
"C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
  C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe

Filesize
784KB

MD5
6d44378d4d283f5a852e578be4b7497d

SHA1
e1b24e3a40f88070cec4cb2c3e20fdb7cd2f2792

SHA256
c87b24f2cdb49df92102a371bf81f23e6ec459a6e40f5f9b0752361d8dfe0cdb

SHA512
3e982fc28ec9750972c164aea60658563009abb8a0f4e29e44385fbe9c623783324ccadcb726b38678c0663edb9131514d175940e89d6e585c769797afa0ea9b

Download Submit
memory/1412-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1412-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1412-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1412-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1412-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/1412-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1412-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2332-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2332-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2332-14-0x0000000003220000-0x0000000003532000-memory.dmp

Filesize
3.1MB

Download
memory/2332-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2332-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download