Overview

overview

10

Static

static

7

b81677e170...53.exe

windows7-x64

10

b81677e170...53.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 18:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b81677e170b953edb06ecb8b0ef47f53.exe

  • Size

    784KB

  • MD5

    b81677e170b953edb06ecb8b0ef47f53

  • SHA1

    06c1a6346adc0e3e3d570c609079e3cc28c8da74

  • SHA256

    3abac632ff8f3d3df905b9bc9a2e0c7628db45f0c5e99b284861626de493387e

  • SHA512

    70482c3ab287a61010ff88481e6c90ece24d91c4b58e6f703b854280343ed00ab1e9f887e4c0a6f7365ec20a97d1401c1584a4116e8187d397ca914a636194b5

  • SSDEEP

    24576:1DmzILk8NpLPQi5rSmCvrTgN/ucjP2hxhFwh:JnLk8PoiRSmCvPgVucjP2hxh

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b81677e170b953edb06ecb8b0ef47f53.exe
    "C:\Users\Admin\AppData\Local\Temp\b81677e170b953edb06ecb8b0ef47f53.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Users\Admin\AppData\Local\Temp\b81677e170b953edb06ecb8b0ef47f53.exe
      C:\Users\Admin\AppData\Local\Temp\b81677e170b953edb06ecb8b0ef47f53.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3176

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\b81677e170b953edb06ecb8b0ef47f53.exe
          Filesize

          784KB

          MD5

          191d93d8a2210b5ff6b854add6fc938d

          SHA1

          81b57a116c69fe0a6fbf1b34c8245b8f2419c424

          SHA256

          71f75fbb6c0fdeaba3a65dd485734e7196d4a1f5d9e1d8dbbe16376bbea89434

          SHA512

          dbb709f543124d9d33818210129d3d56c544a762eedab0bbef65b1976fb9a916ad9695cae256e840fa4f13f71a9148c0a52556d81f2cebb6d911fb60c4989bdd

          Download Submit

        • memory/3176-12-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3176-15-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3176-14-0x00000000018F0000-0x00000000019B4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3176-20-0x00000000054B0000-0x0000000005643000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3176-21-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3176-30-0x0000000000400000-0x0000000000587000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/3296-0-0x0000000000400000-0x0000000000712000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3296-1-0x0000000001B20000-0x0000000001BE4000-memory.dmp

          Filesize

          784KB

          Download

        • memory/3296-2-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3296-13-0x0000000000400000-0x0000000000593000-memory.dmp

          Filesize

          1.6MB

          Download