xmrig | 0b1819dd5e38c12e503e09631695d254f22be2eaab98f9b9132f0759005363d6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

add30c44d617c157a23956733485abdb.exe
Size

784KB
MD5

add30c44d617c157a23956733485abdb
SHA1

41c3b47b9d4f815ebc4b2ef9699d172f31d46deb
SHA256

0b1819dd5e38c12e503e09631695d254f22be2eaab98f9b9132f0759005363d6
SHA512

3dee31c64dc0447f60f71f8c1aa8dbd2d6ec979d2623dd9693e1a88e4f01836fc58f30dfe1f52d1f03b324e7075f0f7389bbd5b36e30a04b2203bc2e08fb66c9
SSDEEP

24576:8wbQD/KhCaqUrUec43biEMu5cpA6fy7MLH:8z/KYa8ur75+AI

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1792-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1792-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2500-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2500-20-0x0000000005430000-0x00000000055C3000-memory.dmp	xmrig
behavioral2/memory/2500-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2500-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2500	add30c44d617c157a23956733485abdb.exe

Executes dropped EXE 1 IoCs

pid	Process
2500	add30c44d617c157a23956733485abdb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1792-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000900000002321c-11.dat	upx
behavioral2/memory/2500-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1792	add30c44d617c157a23956733485abdb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1792	add30c44d617c157a23956733485abdb.exe
2500	add30c44d617c157a23956733485abdb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2500	1792	add30c44d617c157a23956733485abdb.exe	89
PID 1792 wrote to memory of 2500	1792	add30c44d617c157a23956733485abdb.exe	89
PID 1792 wrote to memory of 2500	1792	add30c44d617c157a23956733485abdb.exe	89

C:\Users\Admin\AppData\Local\Temp\add30c44d617c157a23956733485abdb.exe
"C:\Users\Admin\AppData\Local\Temp\add30c44d617c157a23956733485abdb.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\add30c44d617c157a23956733485abdb.exe
  C:\Users\Admin\AppData\Local\Temp\add30c44d617c157a23956733485abdb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\add30c44d617c157a23956733485abdb.exe

Filesize
784KB

MD5
297818948a7156fb66808fc6cb804647

SHA1
88a8d9d864fbb75b0144d838f4773fb4e4d56029

SHA256
449aafd11219b9df89dd6648837af21319d2605a60b77732b29ad43392342d0d

SHA512
07a6c6c68fc82b1486b57bfe3e22132058d41df0c0f9b956a1e181e84c76519a1edb432e3dc247ba8cf97782a0f9d44f9824a31bca376d091bc7ee90ed4f15a6

Download Submit
memory/1792-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1792-1-0x0000000001910000-0x00000000019D4000-memory.dmp

Filesize
784KB

Download
memory/1792-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1792-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2500-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2500-14-0x0000000001A40000-0x0000000001B04000-memory.dmp

Filesize
784KB

Download
memory/2500-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2500-20-0x0000000005430000-0x00000000055C3000-memory.dmp

Filesize
1.6MB

Download
memory/2500-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2500-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download