xmrig | 1c943878a69e564ee71ef3ea246c6bc9cde43dc37e878b64162e5731682b038e

General

Target

1c943878a69e564ee71ef3ea246c6bc9cde43dc37e878b64162e5731682b038e.exe
Size

2.0MB
MD5

aca35b9a59f0d7af944bf1090003e583
SHA1

8fd7c5318b3546ef790a3ede59b9df048566ac72
SHA256

1c943878a69e564ee71ef3ea246c6bc9cde43dc37e878b64162e5731682b038e
SHA512

4777133b77142b0ef7b38b0ad511f05bb2ced7061fd4774cd98d79a6c8186cace4cae6919514f10e651349fea909d848a6676a76130b4775396a78dd5eef86d9
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQUUvXjVTo9iKd2lE:BemTLkNdfE0pZrQY

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 3 IoCs

resource	yara_rule
behavioral2/files/0x000400000001e980-5.dat	UPX
behavioral2/files/0x0009000000023040-16.dat	UPX
behavioral2/files/0x0007000000023202-28.dat	UPX

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral2/memory/2804-0-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp	xmrig
behavioral2/files/0x000400000001e980-5.dat	xmrig
behavioral2/files/0x0009000000023040-16.dat	xmrig
behavioral2/files/0x0007000000023202-28.dat	xmrig
behavioral2/files/0x0007000000023201-42.dat	xmrig
behavioral2/files/0x0007000000023206-67.dat	xmrig
behavioral2/files/0x000700000002320f-91.dat	xmrig
behavioral2/files/0x0007000000023209-163.dat	xmrig

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2804-0-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp	upx
behavioral2/files/0x000400000001e980-5.dat	upx
behavioral2/files/0x0009000000023040-16.dat	upx
behavioral2/files/0x0007000000023202-28.dat	upx
behavioral2/files/0x0007000000023201-42.dat	upx
behavioral2/files/0x0007000000023206-67.dat	upx
behavioral2/files/0x000700000002320f-91.dat	upx
behavioral2/files/0x0007000000023209-163.dat	upx
behavioral2/memory/2568-352-0x00007FF65EF60000-0x00007FF65F2B4000-memory.dmp	upx
behavioral2/memory/376-499-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp	upx
behavioral2/memory/5088-631-0x00007FF6FE720000-0x00007FF6FEA74000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\1c943878a69e564ee71ef3ea246c6bc9cde43dc37e878b64162e5731682b038e.exe
"C:\Users\Admin\AppData\Local\Temp\1c943878a69e564ee71ef3ea246c6bc9cde43dc37e878b64162e5731682b038e.exe"
1⤵
PID:2804
- C:\Windows\System\plyPtFF.exe
  C:\Windows\System\plyPtFF.exe
  2⤵
  PID:3828
- C:\Windows\System\nAooVGe.exe
  C:\Windows\System\nAooVGe.exe
  2⤵
  PID:4976
- C:\Windows\System\hmAznbr.exe
  C:\Windows\System\hmAznbr.exe
  2⤵
  PID:2364
- C:\Windows\System\dmoDDYn.exe
  C:\Windows\System\dmoDDYn.exe
  2⤵
  PID:5008
- C:\Windows\System\BczWTBz.exe
  C:\Windows\System\BczWTBz.exe
  2⤵
  PID:4972
- C:\Windows\System\lMWWbjZ.exe
  C:\Windows\System\lMWWbjZ.exe
  2⤵
  PID:1948
- C:\Windows\System\DJxLHxm.exe
  C:\Windows\System\DJxLHxm.exe
  2⤵
  PID:3140
- C:\Windows\System\CXtzbwi.exe
  C:\Windows\System\CXtzbwi.exe
  2⤵
  PID:5564
- C:\Windows\System\RrjEFbh.exe
  C:\Windows\System\RrjEFbh.exe
  2⤵
  PID:1156
- C:\Windows\System\gkDUZVn.exe
  C:\Windows\System\gkDUZVn.exe
  2⤵
  PID:60
- C:\Windows\System\WEytFdC.exe
  C:\Windows\System\WEytFdC.exe
  2⤵
  PID:7920
- C:\Windows\System\FOfOPYA.exe
  C:\Windows\System\FOfOPYA.exe
  2⤵
  PID:11976
- C:\Windows\System\tZBaRcr.exe
  C:\Windows\System\tZBaRcr.exe
  2⤵
  PID:14184
- C:\Windows\System\sMhIXzh.exe
  C:\Windows\System\sMhIXzh.exe
  2⤵
  PID:15084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\IVWKPiJ.exe

Filesize
286KB

MD5
e3b3a45f4d346e063753b99aafba4831

SHA1
7b695547699ec75e3894043a13b0ad3031364806

SHA256
61eead0e410bec63349b552f2826e420dc320e89676dc0a616feb7eb7797fcfc

SHA512
8a1a2b9e2d6b73db6a25ac53feb2bf4afb0e4251089fabae5f778805b4d2cf8ff9f62e308a3ee6b0a8978151c1f14d5b7989f0c98ef34fd5cfa3a65f7917f0b5

Download Submit
C:\Windows\System\MgaEvHN.exe

Filesize
57KB

MD5
df3d3eb089374e900d41adf1d718105e

SHA1
9b1df661426960b7d449f2bc9753b04944c3804b

SHA256
4c81e47aff098f59b57b3a6616863e9878fc4cd3c5c6ee134ccd1fa58dc57214

SHA512
6ceeff7ec283a4fe9ef0d66d88af20e8d055735e5fd4b0b555bc978b0d85f1ab0dcbf0e7191301e0dea3b938487c4b4d6d90e688e1b376e8a9bd84960ea19470

Download Submit
C:\Windows\System\dmoDDYn.exe

Filesize
21KB

MD5
7f51187aa3d1f0b9447c656d5814df38

SHA1
65d1a63d985eff00874fc121729d2afe8910849f

SHA256
27021a86bf324292a481b5801ebb1bdd5c670d10b5fab5f6c21a9f46b71d3ee6

SHA512
5e512bef6d75e4ca152958e888978600d3c3dbfb9f51e1b4ef3752ff1e4b473514d880c09d54d48265655f2c2974227b09b562a0e55660a43e6281093314af97

Download Submit
C:\Windows\System\nQQYsxN.exe

Filesize
64KB

MD5
51e4020b90426a266032ae5bcb74e5b3

SHA1
242fa8dc7d05d7b78f629fe2652627274810a122

SHA256
5984cb4794a67b4fd33c39a8582f294030d387db17fdb4933391142fb7f614c6

SHA512
5acda5a7b0ce962164cbb0c2fe75fb43a2d35d269fbb33e0eda06f3daf5a3cc37b11c0b76c58b3b3846604a879813821c87b0ead541065090905bfc897125758

Download Submit
C:\Windows\System\plyPtFF.exe

Filesize
1.1MB

MD5
fd82da185e5a49219183fc220b4a880e

SHA1
72267e320b4bd526e3e1ba9fd80a7fb4c5a4cfe6

SHA256
90d016700c3e836ddfa243662082a4e23adedef5e8fc1c5fa57b46f6e257b688

SHA512
5d3235aaa989eb1b4ca5a9593081fa027e0048eaa1c559694cb08aab5e1f8c46fbcea15d9c224026ec11917b04fdd3b3c42021c5a793d8d717a0510410258037

Download Submit
C:\Windows\System\tJRFqjX.exe

Filesize
184KB

MD5
0156c98f3055f12ad70efdc06fa9928b

SHA1
b03db97f5e8017a7cee37a6b7ce25ab8b310a3f0

SHA256
dd8ca55988a4d96fb4077e4fa8ea85b8c539a37bd3925ba0bc12011589db33b1

SHA512
35621e248106dc0d616e0e1eb11e62433efdb2590aaf1b8295b57dd0a14374d5a7fa0e782d79c3d4c9be1f7a83047e0f4045b3cbd80997ff4a1c9d2410e5ac41

Download Submit
memory/376-499-0x00007FF7A6190000-0x00007FF7A64E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-352-0x00007FF65EF60000-0x00007FF65F2B4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-0-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1-0x0000026ED23A0000-0x0000026ED23B0000-memory.dmp

Filesize
64KB

Download
memory/5088-631-0x00007FF6FE720000-0x00007FF6FEA74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing