xmrig | 70abaf91c3e9bd47c3c8d4569b991902d539db9ca76d4cf0f2ac410f40fa210f

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba6c000ff4cb119343ca00794b95909d.exe
Size

784KB
MD5

ba6c000ff4cb119343ca00794b95909d
SHA1

97a8a55a82d9f0dc1023c33c7bcb6213233e9395
SHA256

70abaf91c3e9bd47c3c8d4569b991902d539db9ca76d4cf0f2ac410f40fa210f
SHA512

9d80ae4b10d550b240fcf00eaaeba19f980a297b710827a2c53d03e80392af5c9493be799bfcf4519941720bb248b8ccfbb19ec752687fd1b85f232967d394a3
SSDEEP

24576:QjU7G4Jsu4EnT8Fa18ivc+ZrbUverkiYOTJwvoQhG3OHN:esyu481dv5E2rlYgJwvO3oN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2240-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2360-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2360-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2360-24-0x0000000003110000-0x00000000032A3000-memory.dmp	xmrig
behavioral1/memory/2360-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2360-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2360	ba6c000ff4cb119343ca00794b95909d.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	ba6c000ff4cb119343ca00794b95909d.exe

Loads dropped DLL 1 IoCs

pid	Process
2240	ba6c000ff4cb119343ca00794b95909d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000900000001224c-10.dat	upx
behavioral1/memory/2360-16-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2240	ba6c000ff4cb119343ca00794b95909d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2240	ba6c000ff4cb119343ca00794b95909d.exe
2360	ba6c000ff4cb119343ca00794b95909d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2360	2240	ba6c000ff4cb119343ca00794b95909d.exe	31
PID 2240 wrote to memory of 2360	2240	ba6c000ff4cb119343ca00794b95909d.exe	31
PID 2240 wrote to memory of 2360	2240	ba6c000ff4cb119343ca00794b95909d.exe	31
PID 2240 wrote to memory of 2360	2240	ba6c000ff4cb119343ca00794b95909d.exe	31

C:\Users\Admin\AppData\Local\Temp\ba6c000ff4cb119343ca00794b95909d.exe
"C:\Users\Admin\AppData\Local\Temp\ba6c000ff4cb119343ca00794b95909d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\ba6c000ff4cb119343ca00794b95909d.exe
  C:\Users\Admin\AppData\Local\Temp\ba6c000ff4cb119343ca00794b95909d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ba6c000ff4cb119343ca00794b95909d.exe

Filesize
784KB

MD5
7bca4900e81a61aaf872884c85ef4e5d

SHA1
4b5baac4a77190044b52c69fbd916e8b4ee11127

SHA256
1638dfe722ef629446b9a08e8ccfe92ee7c2b74769fed773fcb85bd59f5abe4c

SHA512
b750ef4ce2dd353537524fd84c24662bb7d5e11394b2f8814aa3ff26dd6e635f0c9eaf01ed1363f61a914076b7039626c18e7d8fa42aebd9158ecc7f38022134

Download Submit
memory/2240-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2240-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2240-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2240-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2360-16-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2360-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2360-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2360-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2360-24-0x0000000003110000-0x00000000032A3000-memory.dmp

Filesize
1.6MB

Download
memory/2360-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2360-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download