xmrig | 80b2650c05d118435e6545de1a11fb7bd6a82070ba6da060f6c3a25e6b7a5bf5

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:28

Target

bc9c322bb4a89e7f1ac7d58af49242c3.exe
Size

784KB
MD5

bc9c322bb4a89e7f1ac7d58af49242c3
SHA1

ea104f4c6163bbb908be6be086e0f1e9a82eda03
SHA256

80b2650c05d118435e6545de1a11fb7bd6a82070ba6da060f6c3a25e6b7a5bf5
SHA512

f26dcf52398186f66c385ae6fb3213bbee320f005dd70808d05cbc11aebb2d3a1743d6cc77e5b860f158d6a02945c2503ece4c2118cc221bf41823dea582a045
SSDEEP

12288:QXWxLzXU71z/kgduTyeLL8ywV/QqexMLCkZ8VTOzOlAeSYh5o5bjCJ1ELrtjp:QXWxbW/d0ys3QexMLZqOteT8jC7EnD

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/3768-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3768-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/244-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/244-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/244-22-0x0000000005390000-0x0000000005523000-memory.dmp	xmrig
behavioral2/memory/244-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/244-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
244	bc9c322bb4a89e7f1ac7d58af49242c3.exe

Executes dropped EXE 1 IoCs

pid	Process
244	bc9c322bb4a89e7f1ac7d58af49242c3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3768-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/memory/244-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3768	bc9c322bb4a89e7f1ac7d58af49242c3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3768	bc9c322bb4a89e7f1ac7d58af49242c3.exe
244	bc9c322bb4a89e7f1ac7d58af49242c3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 244	3768	bc9c322bb4a89e7f1ac7d58af49242c3.exe	91
PID 3768 wrote to memory of 244	3768	bc9c322bb4a89e7f1ac7d58af49242c3.exe	91
PID 3768 wrote to memory of 244	3768	bc9c322bb4a89e7f1ac7d58af49242c3.exe	91

C:\Users\Admin\AppData\Local\Temp\bc9c322bb4a89e7f1ac7d58af49242c3.exe

Filesize
784KB

MD5
ab5d086d4712a5e060d48f036239fc10

SHA1
f3c7c90a7ba9d47eb323a8102f65a2e0c503b736

SHA256
549f6018f9a8f53503a3e6277ec57e1dc4b5b3fb96c7ed35d104a97a184ae3b1

SHA512
d36a60bf71bae215c27140d9823bb4f44f204687f745cabd8bb695fcc9f94407756ee32df916790513fd2cd0294dd65b6070c0a7a6dd0a690d4c652473ad0580

Download Submit
memory/244-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/244-15-0x0000000001B20000-0x0000000001BE4000-memory.dmp

Filesize
784KB

Download
memory/244-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/244-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/244-22-0x0000000005390000-0x0000000005523000-memory.dmp

Filesize
1.6MB

Download
memory/244-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/244-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3768-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3768-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3768-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3768-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download