xmrig | 7dffe0140722eb9e3e8b01321b371fbfc517199819bb674cb9b671bf18be36ae

Analysis

max time kernel
25s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dffe0140722eb9e3e8b01321b371fbfc517199819bb674cb9b671bf18be36ae.exe
Size

2.3MB
MD5

2cd6a3e3da46cee96a6d76fdb33de586
SHA1

aa832bc9a987d80b13c173f5fe46ef06a296161e
SHA256

7dffe0140722eb9e3e8b01321b371fbfc517199819bb674cb9b671bf18be36ae
SHA512

d628d37df8509c712eb408954a260a309f52d7fffb4319bcdc31858db796c0a2b245dcfcd46d7371596b3b6c3b444e108dc57bb81d65161584d3db47981850fa
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ANXx7xLOp+19GV:BemTLkNdfE0pZrx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 7 IoCs

resource	yara_rule
behavioral2/memory/3264-0-0x00007FF6A0DF0000-0x00007FF6A1144000-memory.dmp	UPX
behavioral2/files/0x0008000000023208-5.dat	UPX
behavioral2/files/0x000800000002320b-19.dat	UPX
behavioral2/memory/4940-38-0x00007FF60CCA0000-0x00007FF60CFF4000-memory.dmp	UPX
behavioral2/files/0x0007000000023212-49.dat	UPX
behavioral2/files/0x000700000002321e-99.dat	UPX
behavioral2/files/0x000700000002321c-157.dat	UPX

XMRig Miner payload 11 IoCs

miner

resource	yara_rule
behavioral2/memory/3264-0-0x00007FF6A0DF0000-0x00007FF6A1144000-memory.dmp	xmrig
behavioral2/files/0x0008000000023208-5.dat	xmrig
behavioral2/files/0x000800000002320b-19.dat	xmrig
behavioral2/memory/4940-38-0x00007FF60CCA0000-0x00007FF60CFF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023212-49.dat	xmrig
behavioral2/files/0x000700000002321e-99.dat	xmrig
behavioral2/files/0x000700000002321c-157.dat	xmrig
behavioral2/memory/2996-241-0x00007FF6F8920000-0x00007FF6F8C74000-memory.dmp	xmrig
behavioral2/memory/2060-303-0x00007FF707150000-0x00007FF7074A4000-memory.dmp	xmrig
behavioral2/memory/2508-365-0x00007FF6ACBB0000-0x00007FF6ACF04000-memory.dmp	xmrig
behavioral2/memory/4928-468-0x00007FF76F0D0000-0x00007FF76F424000-memory.dmp	xmrig

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3264-0-0x00007FF6A0DF0000-0x00007FF6A1144000-memory.dmp	upx
behavioral2/files/0x0008000000023208-5.dat	upx
behavioral2/files/0x000800000002320b-19.dat	upx
behavioral2/memory/4940-38-0x00007FF60CCA0000-0x00007FF60CFF4000-memory.dmp	upx
behavioral2/files/0x0007000000023212-49.dat	upx
behavioral2/files/0x000700000002321e-99.dat	upx
behavioral2/files/0x000700000002321c-157.dat	upx
behavioral2/memory/2996-241-0x00007FF6F8920000-0x00007FF6F8C74000-memory.dmp	upx
behavioral2/memory/2060-303-0x00007FF707150000-0x00007FF7074A4000-memory.dmp	upx
behavioral2/memory/2508-365-0x00007FF6ACBB0000-0x00007FF6ACF04000-memory.dmp	upx
behavioral2/memory/4928-468-0x00007FF76F0D0000-0x00007FF76F424000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\7dffe0140722eb9e3e8b01321b371fbfc517199819bb674cb9b671bf18be36ae.exe
"C:\Users\Admin\AppData\Local\Temp\7dffe0140722eb9e3e8b01321b371fbfc517199819bb674cb9b671bf18be36ae.exe"
1⤵
PID:3264
- C:\Windows\System\edOXrGK.exe
  C:\Windows\System\edOXrGK.exe
  2⤵
  PID:232
- C:\Windows\System\AnDDMTs.exe
  C:\Windows\System\AnDDMTs.exe
  2⤵
  PID:4940
- C:\Windows\System\okAWmXl.exe
  C:\Windows\System\okAWmXl.exe
  2⤵
  PID:3920
- C:\Windows\System\igNvETt.exe
  C:\Windows\System\igNvETt.exe
  2⤵
  PID:3812
- C:\Windows\System\djhDbCJ.exe
  C:\Windows\System\djhDbCJ.exe
  2⤵
  PID:2996
- C:\Windows\System\IRWpLxm.exe
  C:\Windows\System\IRWpLxm.exe
  2⤵
  PID:2832
- C:\Windows\System\sTIFdkg.exe
  C:\Windows\System\sTIFdkg.exe
  2⤵
  PID:3204
- C:\Windows\System\inBoMAk.exe
  C:\Windows\System\inBoMAk.exe
  2⤵
  PID:5192
- C:\Windows\System\YobvkIi.exe
  C:\Windows\System\YobvkIi.exe
  2⤵
  PID:5396
- C:\Windows\System\XoStUvF.exe
  C:\Windows\System\XoStUvF.exe
  2⤵
  PID:6188
- C:\Windows\System\pqZuCHd.exe
  C:\Windows\System\pqZuCHd.exe
  2⤵
  PID:7008
- C:\Windows\System\UBqoPWI.exe
  C:\Windows\System\UBqoPWI.exe
  2⤵
  PID:7224
- C:\Windows\System\VIdhrnT.exe
  C:\Windows\System\VIdhrnT.exe
  2⤵
  PID:7240
- C:\Windows\System\kQSMGVp.exe
  C:\Windows\System\kQSMGVp.exe
  2⤵
  PID:7264
- C:\Windows\System\MVeYJuT.exe
  C:\Windows\System\MVeYJuT.exe
  2⤵
  PID:7280
- C:\Windows\System\lucANGR.exe
  C:\Windows\System\lucANGR.exe
  2⤵
  PID:7304
- C:\Windows\System\zQuigdc.exe
  C:\Windows\System\zQuigdc.exe
  2⤵
  PID:7320
- C:\Windows\System\NLqUCzn.exe
  C:\Windows\System\NLqUCzn.exe
  2⤵
  PID:7336
- C:\Windows\System\kiCMWfj.exe
  C:\Windows\System\kiCMWfj.exe
  2⤵
  PID:7360
- C:\Windows\System\MSuacEB.exe
  C:\Windows\System\MSuacEB.exe
  2⤵
  PID:7376
- C:\Windows\System\hETfesV.exe
  C:\Windows\System\hETfesV.exe
  2⤵
  PID:7400
- C:\Windows\System\SsPRbEc.exe
  C:\Windows\System\SsPRbEc.exe
  2⤵
  PID:7416
- C:\Windows\System\zuktrVO.exe
  C:\Windows\System\zuktrVO.exe
  2⤵
  PID:7440
- C:\Windows\System\ONmxBjp.exe
  C:\Windows\System\ONmxBjp.exe
  2⤵
  PID:7460
- C:\Windows\System\EMcJVDh.exe
  C:\Windows\System\EMcJVDh.exe
  2⤵
  PID:7476
- C:\Windows\System\NJrROUT.exe
  C:\Windows\System\NJrROUT.exe
  2⤵
  PID:7496
- C:\Windows\System\rNJPVQZ.exe
  C:\Windows\System\rNJPVQZ.exe
  2⤵
  PID:7512
- C:\Windows\System\AEjbUFu.exe
  C:\Windows\System\AEjbUFu.exe
  2⤵
  PID:7536
- C:\Windows\System\iDTOsuU.exe
  C:\Windows\System\iDTOsuU.exe
  2⤵
  PID:7556
- C:\Windows\System\BORLTUv.exe
  C:\Windows\System\BORLTUv.exe
  2⤵
  PID:7588
- C:\Windows\System\plWJxuX.exe
  C:\Windows\System\plWJxuX.exe
  2⤵
  PID:7608
- C:\Windows\System\rvhVzSK.exe
  C:\Windows\System\rvhVzSK.exe
  2⤵
  PID:7624
- C:\Windows\System\KDhzyGR.exe
  C:\Windows\System\KDhzyGR.exe
  2⤵
  PID:7648
- C:\Windows\System\COESpCK.exe
  C:\Windows\System\COESpCK.exe
  2⤵
  PID:7664
- C:\Windows\System\ghVizkb.exe
  C:\Windows\System\ghVizkb.exe
  2⤵
  PID:7684
- C:\Windows\System\iSzAZPp.exe
  C:\Windows\System\iSzAZPp.exe
  2⤵
  PID:7708
- C:\Windows\System\ijvATJt.exe
  C:\Windows\System\ijvATJt.exe
  2⤵
  PID:7724
- C:\Windows\System\jttYqZP.exe
  C:\Windows\System\jttYqZP.exe
  2⤵
  PID:7748
- C:\Windows\System\FsKpUBh.exe
  C:\Windows\System\FsKpUBh.exe
  2⤵
  PID:7764
- C:\Windows\System\JUCCbYU.exe
  C:\Windows\System\JUCCbYU.exe
  2⤵
  PID:7784
- C:\Windows\System\OUhuFTA.exe
  C:\Windows\System\OUhuFTA.exe
  2⤵
  PID:7804
- C:\Windows\System\qttmxPq.exe
  C:\Windows\System\qttmxPq.exe
  2⤵
  PID:7820
- C:\Windows\System\fvRPGKX.exe
  C:\Windows\System\fvRPGKX.exe
  2⤵
  PID:7844
- C:\Windows\System\MmUXWfW.exe
  C:\Windows\System\MmUXWfW.exe
  2⤵
  PID:7860
- C:\Windows\System\bAdFztt.exe
  C:\Windows\System\bAdFztt.exe
  2⤵
  PID:7876
- C:\Windows\System\kRXabhq.exe
  C:\Windows\System\kRXabhq.exe
  2⤵
  PID:7904
- C:\Windows\System\YoVGBaB.exe
  C:\Windows\System\YoVGBaB.exe
  2⤵
  PID:7928
- C:\Windows\System\YDRwkJz.exe
  C:\Windows\System\YDRwkJz.exe
  2⤵
  PID:9076
- C:\Windows\System\mLLBcsz.exe
  C:\Windows\System\mLLBcsz.exe
  2⤵
  PID:10836
- C:\Windows\System\LhrbRZe.exe
  C:\Windows\System\LhrbRZe.exe
  2⤵
  PID:12104
- C:\Windows\System\SgPaqEN.exe
  C:\Windows\System\SgPaqEN.exe
  2⤵
  PID:10552
- C:\Windows\System\TkIhSCL.exe
  C:\Windows\System\TkIhSCL.exe
  2⤵
  PID:8864
- C:\Windows\System\yZmeUGn.exe
  C:\Windows\System\yZmeUGn.exe
  2⤵
  PID:10120
- C:\Windows\System\leeTAfJ.exe
  C:\Windows\System\leeTAfJ.exe
  2⤵
  PID:10360
- C:\Windows\System\VROoVPX.exe
  C:\Windows\System\VROoVPX.exe
  2⤵
  PID:10832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\IRWpLxm.exe

Filesize
448KB

MD5
0642442db4acbbfb6037e06789624264

SHA1
923aee440a6887c7a7a8a78085aa492b2cdcee65

SHA256
5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

SHA512
7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

Download Submit
C:\Windows\System\OOSNLXL.exe

Filesize
256KB

MD5
c852d0de044ecfdc8164664b8ea3dc6f

SHA1
cfc38798bcbec8419f442fddcbe34cb37971445d

SHA256
32715d7c1c8dcbb10f1add6b003e18def383412f1b6c48f4d9670b8e3ef1d0b7

SHA512
e03bd3ea4470974d8087b8d17ce90233e5a96284236038a869c3b63a693e9a7c9719f6671b6b5d0dbeb167dd4786cd1b7a4b214b02967aac04fad66c8195132f

Download Submit
C:\Windows\System\bVlTTGu.exe

Filesize
128KB

MD5
7ce4ba1725e83a50f64ba525f8815dcf

SHA1
b1714a2d23cfc42c18c37e1546ac0908d8252c04

SHA256
9f7e171000696500dfb6a966f2c3ddf12dc1a77b8276ef660f14f7b7188d2908

SHA512
2dff777f276295d96892e5749316e2e8892ba50f8398f9972ecc2f6e5378213e3cdd31c7c6ab8360d3490d1ec9e77be4e73ac137e108b2eddff2feaaf600be19

Download Submit
C:\Windows\System\edOXrGK.exe

Filesize
1.4MB

MD5
8fb3698f8673ef06ea41ad75f61bfbd3

SHA1
294f713cb64025f8a14dcfec332e5c5764b53dda

SHA256
79da01e75d2ab0689c24a2f4ac62882b2c6ee3e4154c285d1a2380c3ce8d28a5

SHA512
aa4bd78c7674da6a0771c09a8204c98c90304eac03b378ca8c34cda97562899160ede14984f764db94432737056c49c96e71380a9d090de1439cd8a58a6aa724

Download Submit
C:\Windows\System\nLQUJHy.exe

Filesize
64KB

MD5
51e4020b90426a266032ae5bcb74e5b3

SHA1
242fa8dc7d05d7b78f629fe2652627274810a122

SHA256
5984cb4794a67b4fd33c39a8582f294030d387db17fdb4933391142fb7f614c6

SHA512
5acda5a7b0ce962164cbb0c2fe75fb43a2d35d269fbb33e0eda06f3daf5a3cc37b11c0b76c58b3b3846604a879813821c87b0ead541065090905bfc897125758

Download Submit
memory/2060-303-0x00007FF707150000-0x00007FF7074A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-365-0x00007FF6ACBB0000-0x00007FF6ACF04000-memory.dmp

Filesize
3.3MB

Download
memory/2996-241-0x00007FF6F8920000-0x00007FF6F8C74000-memory.dmp

Filesize
3.3MB

Download
memory/3264-0-0x00007FF6A0DF0000-0x00007FF6A1144000-memory.dmp

Filesize
3.3MB

Download
memory/3264-1-0x00000205F1FC0000-0x00000205F1FD0000-memory.dmp

Filesize
64KB

Download
memory/4928-468-0x00007FF76F0D0000-0x00007FF76F424000-memory.dmp

Filesize
3.3MB

Download
memory/4940-38-0x00007FF60CCA0000-0x00007FF60CFF4000-memory.dmp

Filesize
3.3MB

Download