xmrig | 5bc81c6707ad85b09698f4d8df3dc83173db2d038e2b6a3e1df8465d090facaf

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b67cfbc47557e5d40eb0974b312c497a.exe
Size

784KB
MD5

b67cfbc47557e5d40eb0974b312c497a
SHA1

ccfeab60160139d681641ddd0a199878bfcc5d0e
SHA256

5bc81c6707ad85b09698f4d8df3dc83173db2d038e2b6a3e1df8465d090facaf
SHA512

738afb76f870228c9070ab8adab96aa7a46546b42e472ffb9f1ec0d302b0627de466f2658873185eedfbcb936f10497226680dd55f60d6ebd9fd620fe578c2a2
SSDEEP

24576:N2+Iw5IBPZh84SeX82Q1HgAGiwiImW9IcClNNf:E+POhh8B5FbjLImW9IF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2388-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2560-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2388-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2560-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2560-26-0x0000000003270000-0x0000000003403000-memory.dmp	xmrig
behavioral1/memory/2560-36-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2560-35-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2560	b67cfbc47557e5d40eb0974b312c497a.exe

Executes dropped EXE 1 IoCs

pid	Process
2560	b67cfbc47557e5d40eb0974b312c497a.exe

Loads dropped DLL 1 IoCs

pid	Process
2388	b67cfbc47557e5d40eb0974b312c497a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2388-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012255-10.dat	upx
behavioral1/memory/2560-18-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/memory/2388-15-0x0000000003080000-0x0000000003392000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2388	b67cfbc47557e5d40eb0974b312c497a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2388	b67cfbc47557e5d40eb0974b312c497a.exe
2560	b67cfbc47557e5d40eb0974b312c497a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2560	2388	b67cfbc47557e5d40eb0974b312c497a.exe	29
PID 2388 wrote to memory of 2560	2388	b67cfbc47557e5d40eb0974b312c497a.exe	29
PID 2388 wrote to memory of 2560	2388	b67cfbc47557e5d40eb0974b312c497a.exe	29
PID 2388 wrote to memory of 2560	2388	b67cfbc47557e5d40eb0974b312c497a.exe	29

C:\Users\Admin\AppData\Local\Temp\b67cfbc47557e5d40eb0974b312c497a.exe
"C:\Users\Admin\AppData\Local\Temp\b67cfbc47557e5d40eb0974b312c497a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\b67cfbc47557e5d40eb0974b312c497a.exe
  C:\Users\Admin\AppData\Local\Temp\b67cfbc47557e5d40eb0974b312c497a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b67cfbc47557e5d40eb0974b312c497a.exe

Filesize
784KB

MD5
2d8c958c66ea169b9e1e49fe934644c8

SHA1
ce4921d41a7416b7ed7fae08c75dab3c99f8371b

SHA256
838732b7e1b16e5dc3f53e505c5cc654fe2f7df4c127830fe83bcd35530aa246

SHA512
31aa8e32794eef7ac72aacd8d9e61e051534b2445d4f6cd0c8e9af27b75aa90ce55280ba65e14089817c238d27997d3467a35a0d9a56f689441f4fb540f66d89

Download Submit
memory/2388-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-4-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2388-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2388-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2388-15-0x0000000003080000-0x0000000003392000-memory.dmp

Filesize
3.1MB

Download
memory/2560-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2560-18-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2560-20-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2560-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2560-26-0x0000000003270000-0x0000000003403000-memory.dmp

Filesize
1.6MB

Download
memory/2560-36-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2560-35-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download