xmrig | 0d62f293cf36c210dc96a9afc5d95763dddf230c7db9f49b21f1e95d7a7cbc15

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be9d07211fa86e1fa1a9889549cbd113.exe
Size

784KB
MD5

be9d07211fa86e1fa1a9889549cbd113
SHA1

b51b6f4a534a0e328460a5c49b0e3b2fccfca4d1
SHA256

0d62f293cf36c210dc96a9afc5d95763dddf230c7db9f49b21f1e95d7a7cbc15
SHA512

7f05b697359efc233e5026f7b454cbb67e6e1b891f47ccb7cfcfea1ce6079d400e066bcfa5b133c358daacc3946417cf6a456392f7ab7995dc1e5fa9ec6a5df5
SSDEEP

12288:txPJNlkIfzwAE6+7ulD7olLhm2jBYwaqN73t1PACISm218a2oUtCSpF+cE:t1lkwdmusdm2jBNbPOSmU/2AsF9E

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2704-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2704-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2308-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2308-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2308-24-0x0000000003240000-0x00000000033D3000-memory.dmp	xmrig
behavioral1/memory/2308-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2308-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2308	be9d07211fa86e1fa1a9889549cbd113.exe

Executes dropped EXE 1 IoCs

pid	Process
2308	be9d07211fa86e1fa1a9889549cbd113.exe

Loads dropped DLL 1 IoCs

pid	Process
2704	be9d07211fa86e1fa1a9889549cbd113.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2704-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000900000001222c-10.dat	upx
behavioral1/memory/2704-15-0x0000000003130000-0x0000000003442000-memory.dmp	upx
behavioral1/memory/2308-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2704	be9d07211fa86e1fa1a9889549cbd113.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2704	be9d07211fa86e1fa1a9889549cbd113.exe
2308	be9d07211fa86e1fa1a9889549cbd113.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2308	2704	be9d07211fa86e1fa1a9889549cbd113.exe	29
PID 2704 wrote to memory of 2308	2704	be9d07211fa86e1fa1a9889549cbd113.exe	29
PID 2704 wrote to memory of 2308	2704	be9d07211fa86e1fa1a9889549cbd113.exe	29
PID 2704 wrote to memory of 2308	2704	be9d07211fa86e1fa1a9889549cbd113.exe	29

C:\Users\Admin\AppData\Local\Temp\be9d07211fa86e1fa1a9889549cbd113.exe
"C:\Users\Admin\AppData\Local\Temp\be9d07211fa86e1fa1a9889549cbd113.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\AppData\Local\Temp\be9d07211fa86e1fa1a9889549cbd113.exe
  C:\Users\Admin\AppData\Local\Temp\be9d07211fa86e1fa1a9889549cbd113.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\be9d07211fa86e1fa1a9889549cbd113.exe

Filesize
784KB

MD5
f93bf377af44182a94e37a56c27c7fd9

SHA1
c90774ce57e05c1b8f41a527f2004670e6efb828

SHA256
2eaae1319f325f9599fc773d8a84bc90c08a9e9e16d475ca5485814d1763b4ea

SHA512
748f18a16654fd378e31450ac7e64aee3f5d90116b521f63b23aae5bc21b2fe57f033e6677a83b51108ef416623410e09ac2d51f97ebddc8bbc1ada55ab1097a

Download Submit
memory/2308-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2308-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2308-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2308-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2308-24-0x0000000003240000-0x00000000033D3000-memory.dmp

Filesize
1.6MB

Download
memory/2308-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2308-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2704-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2704-2-0x00000000002E0000-0x00000000003A4000-memory.dmp

Filesize
784KB

Download
memory/2704-15-0x0000000003130000-0x0000000003442000-memory.dmp

Filesize
3.1MB

Download
memory/2704-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2704-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download