xmrig | f20db6281d6f6c5f377e7c04cd13439466b1677528e112b929ee6f4a442353e7

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9847f148c0dda34b59d419df8231a00.exe
Size

784KB
MD5

b9847f148c0dda34b59d419df8231a00
SHA1

ef28813c7f6ff503b03c7d79c37498e354006512
SHA256

f20db6281d6f6c5f377e7c04cd13439466b1677528e112b929ee6f4a442353e7
SHA512

2d98f112fd1638d70d0d78db41dd1797d0b7e756bb50bbc08ac45d9611c5fdb75604e04935c33aa126fafec4681fe71a85c6f58290be7539f4c1fc85c5679e4e
SSDEEP

24576:Zan4gx3ONvGeCyAvkHLW6fcVjxcJMFrQOcEU+:ZbOmZQWMFgl+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2120-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2120-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2544-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2544-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2544-25-0x0000000003100000-0x0000000003293000-memory.dmp	xmrig
behavioral1/memory/2544-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2544-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2544	b9847f148c0dda34b59d419df8231a00.exe

Executes dropped EXE 1 IoCs

pid	Process
2544	b9847f148c0dda34b59d419df8231a00.exe

Loads dropped DLL 1 IoCs

pid	Process
2120	b9847f148c0dda34b59d419df8231a00.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0008000000012254-10.dat	upx
behavioral1/memory/2120-15-0x0000000003220000-0x0000000003532000-memory.dmp	upx
behavioral1/memory/2544-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2120	b9847f148c0dda34b59d419df8231a00.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2120	b9847f148c0dda34b59d419df8231a00.exe
2544	b9847f148c0dda34b59d419df8231a00.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2544	2120	b9847f148c0dda34b59d419df8231a00.exe	29
PID 2120 wrote to memory of 2544	2120	b9847f148c0dda34b59d419df8231a00.exe	29
PID 2120 wrote to memory of 2544	2120	b9847f148c0dda34b59d419df8231a00.exe	29
PID 2120 wrote to memory of 2544	2120	b9847f148c0dda34b59d419df8231a00.exe	29

C:\Users\Admin\AppData\Local\Temp\b9847f148c0dda34b59d419df8231a00.exe
"C:\Users\Admin\AppData\Local\Temp\b9847f148c0dda34b59d419df8231a00.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\b9847f148c0dda34b59d419df8231a00.exe
  C:\Users\Admin\AppData\Local\Temp\b9847f148c0dda34b59d419df8231a00.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b9847f148c0dda34b59d419df8231a00.exe

Filesize
784KB

MD5
9189487708e133ff1a277cdd38c7db99

SHA1
4e6122a0d590c2de832b0bb346f9efdfda1dffa9

SHA256
37b5f20fe15a707e70f1ca044ec36535b2e6b1a24f95f4b002771f5db7e5983a

SHA512
9892a72b62832712c5221128e6b67e6a03ee94477e09513e8dc5a55437a27fb7ace22f710427f79054499be059a1525d6a6f8ca035897627f7987e88e1b8a6a3

Download Submit
memory/2120-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2120-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2120-1-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2120-15-0x0000000003220000-0x0000000003532000-memory.dmp

Filesize
3.1MB

Download
memory/2120-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2544-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2544-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2544-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2544-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2544-25-0x0000000003100000-0x0000000003293000-memory.dmp

Filesize
1.6MB

Download
memory/2544-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2544-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download