xmrig | 3dce0563dbe3c25292178b7ff58af0cedaaf0809de7832f7905055bc71305fd8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac49fccfe8e98d8819f1902eefd4642e.exe
Size

1.5MB
MD5

ac49fccfe8e98d8819f1902eefd4642e
SHA1

2243329cbc8521d218d7cfffeb7c72ccc153c4a1
SHA256

3dce0563dbe3c25292178b7ff58af0cedaaf0809de7832f7905055bc71305fd8
SHA512

46078352fa35fc09fb54279b11b1e06d41ffd8b5fbe6197d7bfdce1bb630b61259023b0ddd4a3c05d6d4564af7ddd6ed674141553de3c98aa2d6aeef8604b4ed
SSDEEP

49152:0toMhx/oHDHwWq1pJLoXiQH7Hfav3jIZThiK:0j/aRH7Aj6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2852-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2852-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2784-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2784-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2784-25-0x00000000030D0000-0x0000000003263000-memory.dmp	xmrig
behavioral1/memory/2784-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2784-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2784	ac49fccfe8e98d8819f1902eefd4642e.exe

Executes dropped EXE 1 IoCs

pid	Process
2784	ac49fccfe8e98d8819f1902eefd4642e.exe

Loads dropped DLL 1 IoCs

pid	Process
2852	ac49fccfe8e98d8819f1902eefd4642e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2852-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c00000001225d-10.dat	upx
behavioral1/memory/2784-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2852	ac49fccfe8e98d8819f1902eefd4642e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2852	ac49fccfe8e98d8819f1902eefd4642e.exe
2784	ac49fccfe8e98d8819f1902eefd4642e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2784	2852	ac49fccfe8e98d8819f1902eefd4642e.exe	29
PID 2852 wrote to memory of 2784	2852	ac49fccfe8e98d8819f1902eefd4642e.exe	29
PID 2852 wrote to memory of 2784	2852	ac49fccfe8e98d8819f1902eefd4642e.exe	29
PID 2852 wrote to memory of 2784	2852	ac49fccfe8e98d8819f1902eefd4642e.exe	29

C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
"C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
  C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe

Filesize
784KB

MD5
23313da771c7667d9400930443f98baa

SHA1
7476b2078e79fdf757eb3a551a144a12b6b93691

SHA256
3e2ce4d54c162e818cd20873e1aef24f4978886d2d3efbd3eb31efea40c9f16e

SHA512
98f52586663afdd789c7478ea653f47b7b3fb10961564f2a7d34f502f348c1c7bd3a98f39bda568635a97096cd4a234c4912f140477b491d687ed597f8b306cd

Download Submit
memory/2784-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2784-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2784-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2784-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2784-25-0x00000000030D0000-0x0000000003263000-memory.dmp

Filesize
1.6MB

Download
memory/2784-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2784-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2852-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2852-2-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2852-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2852-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download