xmrig | db8321f0d872cb5227234a1920a21348c9bd1a99d7fc900dd929af22997844da

Analysis

max time kernel
121s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac910d0eddf65c7d393d31ca04aabc82.exe
Size

784KB
MD5

ac910d0eddf65c7d393d31ca04aabc82
SHA1

3d0907121761d65636894fa8f2a11aef08b32c52
SHA256

db8321f0d872cb5227234a1920a21348c9bd1a99d7fc900dd929af22997844da
SHA512

2412d8b8b590352d075a2e9597d3fe73dd1ff5ee9666ce7674ea91aebffbf09f022d76e7ef66c09aab47f4e5f26efc1fc74337bcf4c0bd6fca998ea2240eb4dc
SSDEEP

24576:u51DPpD7KYOYiHOhEhAKgma4lgQc7YxCw+/0zYSeDXJ:u51L17KYOzHsBKgUJccx+p1

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1824-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2668-16-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2668-23-0x0000000003100000-0x0000000003293000-memory.dmp	xmrig
behavioral1/memory/2668-22-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2668-33-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2668-32-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1824-34-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2668	ac910d0eddf65c7d393d31ca04aabc82.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	ac910d0eddf65c7d393d31ca04aabc82.exe

Loads dropped DLL 1 IoCs

pid	Process
1824	ac910d0eddf65c7d393d31ca04aabc82.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1824-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012241-10.dat	upx
behavioral1/memory/2668-15-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1824	ac910d0eddf65c7d393d31ca04aabc82.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1824	ac910d0eddf65c7d393d31ca04aabc82.exe
2668	ac910d0eddf65c7d393d31ca04aabc82.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2668	1824	ac910d0eddf65c7d393d31ca04aabc82.exe	28
PID 1824 wrote to memory of 2668	1824	ac910d0eddf65c7d393d31ca04aabc82.exe	28
PID 1824 wrote to memory of 2668	1824	ac910d0eddf65c7d393d31ca04aabc82.exe	28
PID 1824 wrote to memory of 2668	1824	ac910d0eddf65c7d393d31ca04aabc82.exe	28

C:\Users\Admin\AppData\Local\Temp\ac910d0eddf65c7d393d31ca04aabc82.exe
"C:\Users\Admin\AppData\Local\Temp\ac910d0eddf65c7d393d31ca04aabc82.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\ac910d0eddf65c7d393d31ca04aabc82.exe
  C:\Users\Admin\AppData\Local\Temp\ac910d0eddf65c7d393d31ca04aabc82.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ac910d0eddf65c7d393d31ca04aabc82.exe

Filesize
784KB

MD5
4b83e392c54874ceb97b4db485c0167b

SHA1
8c8cf9daba7901b0187e75acb13e19b6d8b39164

SHA256
468b2991376ec05ab89c04376e5e3fa074da8970e84774344289a95dc41b862b

SHA512
bf3968a676e0e402fd94417a7bf767e76a34b2d9f90f8d219ed1fe199a1e37a79373d22bfbbfde3e5b95ce388a6c8e456b810d6c04e41d536fd3b96a1eb1246b

Download Submit
memory/1824-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1824-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1824-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1824-34-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2668-15-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2668-17-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2668-16-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2668-23-0x0000000003100000-0x0000000003293000-memory.dmp

Filesize
1.6MB

Download
memory/2668-22-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2668-33-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2668-32-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download