xmrig | 26f69ee842cf434f42ebd4a2850064c7e534e0b3ab7287a39daeceed8dc5befe

Analysis

max time kernel
112s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9ce1594c7eeb4ec7862e2c9c456a956.exe
Size

784KB
MD5

a9ce1594c7eeb4ec7862e2c9c456a956
SHA1

a9b623601e69e0e74832b6e0083d3850ab6dab6b
SHA256

26f69ee842cf434f42ebd4a2850064c7e534e0b3ab7287a39daeceed8dc5befe
SHA512

a06bdef5887df517541fc12e2d6016c45b7a2a86b540daadd254e3b57cd3a6aea58954b11b60c3bd67a97a745d46207a078e4ff0e983da51607a9cc7dfd45562
SSDEEP

24576:vYD4iCFKxjBZezMAqHDaH7mXeB9SDuHCRiB7:AEitBZe4nGH7mKSACRi

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/5036-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5036-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1248-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1248-20-0x00000000053F0000-0x0000000005583000-memory.dmp	xmrig
behavioral2/memory/1248-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/1248-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1248	a9ce1594c7eeb4ec7862e2c9c456a956.exe

Executes dropped EXE 1 IoCs

pid	Process
1248	a9ce1594c7eeb4ec7862e2c9c456a956.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5036-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000600000002301d-11.dat	upx
behavioral2/memory/1248-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5036	a9ce1594c7eeb4ec7862e2c9c456a956.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5036	a9ce1594c7eeb4ec7862e2c9c456a956.exe
1248	a9ce1594c7eeb4ec7862e2c9c456a956.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 1248	5036	a9ce1594c7eeb4ec7862e2c9c456a956.exe	89
PID 5036 wrote to memory of 1248	5036	a9ce1594c7eeb4ec7862e2c9c456a956.exe	89
PID 5036 wrote to memory of 1248	5036	a9ce1594c7eeb4ec7862e2c9c456a956.exe	89

C:\Users\Admin\AppData\Local\Temp\a9ce1594c7eeb4ec7862e2c9c456a956.exe
"C:\Users\Admin\AppData\Local\Temp\a9ce1594c7eeb4ec7862e2c9c456a956.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Users\Admin\AppData\Local\Temp\a9ce1594c7eeb4ec7862e2c9c456a956.exe
  C:\Users\Admin\AppData\Local\Temp\a9ce1594c7eeb4ec7862e2c9c456a956.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a9ce1594c7eeb4ec7862e2c9c456a956.exe

Filesize
784KB

MD5
0aa184ed74f81a81d5b1580a2cb7af59

SHA1
0134f29343e366b6c268c1ed941f635b3f9230ba

SHA256
72d677b00611b1d3693ff6a485d054df36f6c9e90bf91cdf050f819312e13093

SHA512
ca0eff827fcfa9392ed4a436d30877b6423783f7d517c94a68dddb4bf1d9443ea65ad4eb6b1347ac405ad39c1912e6653105c920b7742535acc8d293b9ba18e8

Download Submit
memory/1248-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1248-15-0x0000000001A00000-0x0000000001AC4000-memory.dmp

Filesize
784KB

Download
memory/1248-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1248-20-0x00000000053F0000-0x0000000005583000-memory.dmp

Filesize
1.6MB

Download
memory/1248-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1248-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5036-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/5036-1-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/5036-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5036-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download