xmrig | e6279b277ed0f4250a5cc0add193620e756879a780a775ed5c755bbafb1842a2

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1cc29b6d2a374643d61bafc32d6fdb2.exe
Size

784KB
MD5

a1cc29b6d2a374643d61bafc32d6fdb2
SHA1

d2a635eca6605eda4a7100dee189d32a70b25028
SHA256

e6279b277ed0f4250a5cc0add193620e756879a780a775ed5c755bbafb1842a2
SHA512

e359138b424e1fbb996141a52eaa4ee99a78c290e2077c9af71f7488f86405504c00f5a0f67a5320c4edaeee281b92bc4e1348d2b622980307606261f7356823
SSDEEP

24576:KkTSObC+byCPWaFcPjvtbaGnlBGU0hCB5gOVb6YM:nhCgcLRaGnlBGM5g2uZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4900-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4900-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4808-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4808-20-0x0000000005370000-0x0000000005503000-memory.dmp	xmrig
behavioral2/memory/4808-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4808-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/4808-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4808	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Executes dropped EXE 1 IoCs

pid	Process
4808	a1cc29b6d2a374643d61bafc32d6fdb2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4900-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/4808-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x001b00000002251f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4900	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4900	a1cc29b6d2a374643d61bafc32d6fdb2.exe
4808	a1cc29b6d2a374643d61bafc32d6fdb2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4808	4900	a1cc29b6d2a374643d61bafc32d6fdb2.exe	86
PID 4900 wrote to memory of 4808	4900	a1cc29b6d2a374643d61bafc32d6fdb2.exe	86
PID 4900 wrote to memory of 4808	4900	a1cc29b6d2a374643d61bafc32d6fdb2.exe	86

C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
"C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
  C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a1cc29b6d2a374643d61bafc32d6fdb2.exe

Filesize
784KB

MD5
c5f8350c556c05854609cbb7e44e5e7b

SHA1
b3a14e6492a18b02da84e893e4c83c772cfa7d2b

SHA256
90f4631d099b15202c1155875b7224767bc47b00f8d23daee15ce5ea7cf6a583

SHA512
624a2bc9ed3c6ee349502905263749448ec58e6806417c5399cba7d1cc10a73aed3251989a9f5b881de376cc75736dc325226a718ebb6b8961312ae3c5855d13

Download Submit
memory/4808-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4808-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4808-14-0x0000000001B00000-0x0000000001BC4000-memory.dmp

Filesize
784KB

Download
memory/4808-20-0x0000000005370000-0x0000000005503000-memory.dmp

Filesize
1.6MB

Download
memory/4808-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4808-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4808-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4900-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4900-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4900-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4900-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download