xmrig | 3dce0563dbe3c25292178b7ff58af0cedaaf0809de7832f7905055bc71305fd8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac49fccfe8e98d8819f1902eefd4642e.exe
Size

1.5MB
MD5

ac49fccfe8e98d8819f1902eefd4642e
SHA1

2243329cbc8521d218d7cfffeb7c72ccc153c4a1
SHA256

3dce0563dbe3c25292178b7ff58af0cedaaf0809de7832f7905055bc71305fd8
SHA512

46078352fa35fc09fb54279b11b1e06d41ffd8b5fbe6197d7bfdce1bb630b61259023b0ddd4a3c05d6d4564af7ddd6ed674141553de3c98aa2d6aeef8604b4ed
SSDEEP

49152:0toMhx/oHDHwWq1pJLoXiQH7Hfav3jIZThiK:0j/aRH7Aj6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4348-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4348-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3144-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3144-21-0x0000000005450000-0x00000000055E3000-memory.dmp	xmrig
behavioral2/memory/3144-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3144-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3144	ac49fccfe8e98d8819f1902eefd4642e.exe

Executes dropped EXE 1 IoCs

pid	Process
3144	ac49fccfe8e98d8819f1902eefd4642e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4348-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000900000002321a-11.dat	upx
behavioral2/memory/3144-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4348	ac49fccfe8e98d8819f1902eefd4642e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4348	ac49fccfe8e98d8819f1902eefd4642e.exe
3144	ac49fccfe8e98d8819f1902eefd4642e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 3144	4348	ac49fccfe8e98d8819f1902eefd4642e.exe	88
PID 4348 wrote to memory of 3144	4348	ac49fccfe8e98d8819f1902eefd4642e.exe	88
PID 4348 wrote to memory of 3144	4348	ac49fccfe8e98d8819f1902eefd4642e.exe	88

C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
"C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
  C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac49fccfe8e98d8819f1902eefd4642e.exe

Filesize
784KB

MD5
40d5c04e5df5bef3b327e996f7dc205a

SHA1
8efbc907d04645d28ac02f5504a9f82903486d9f

SHA256
b643b7e1dbf293df87c9a87cacb17d75b581a85ca57b80d31705c8e8448de9c7

SHA512
faed8ca0b6ce68496448264e0db9bd0e4eb9ba9a02641ded47c606dbea0d25e4dbab69f458b0068c122e1e0f9ffd1883c3ebb3c9b3e64c65aaf38f68bb7b30f1

Download Submit
memory/3144-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3144-14-0x0000000001A60000-0x0000000001B24000-memory.dmp

Filesize
784KB

Download
memory/3144-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3144-21-0x0000000005450000-0x00000000055E3000-memory.dmp

Filesize
1.6MB

Download
memory/3144-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3144-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4348-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4348-1-0x0000000001AE0000-0x0000000001BA4000-memory.dmp

Filesize
784KB

Download
memory/4348-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4348-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download