xmrig | 1f5b89116555d610ff6b455fddfa4182295051db4ffc3dbbb883ef8b77db9be2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c034e8320b0fe866c2aadcff0ac66e7e.exe
Size

784KB
MD5

c034e8320b0fe866c2aadcff0ac66e7e
SHA1

941898981656786d4e5ef5ea4610d7d91095e89e
SHA256

1f5b89116555d610ff6b455fddfa4182295051db4ffc3dbbb883ef8b77db9be2
SHA512

14d33d7171c8a50f0ffd7b9b45931c82045797d11ca476732dd58332da4a16f0c703ffc7e0fe7fee2af53326fdca0c7d7ad7ba16cc47c7e554eb7df428303c9f
SSDEEP

12288:abGPEQPZ+EHtxCyIlA40JD0758b5cdLP3S+NMmCRTEnm:R8k+EHtkyhjO5cOdLfS+qmUTEn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1256-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2092-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1256-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2092-27-0x0000000003010000-0x00000000031A3000-memory.dmp	xmrig
behavioral1/memory/2092-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2092-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2092-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2092	c034e8320b0fe866c2aadcff0ac66e7e.exe

Executes dropped EXE 1 IoCs

pid	Process
2092	c034e8320b0fe866c2aadcff0ac66e7e.exe

Loads dropped DLL 1 IoCs

pid	Process
1256	c034e8320b0fe866c2aadcff0ac66e7e.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1256-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0008000000012252-10.dat	upx
behavioral1/memory/1256-15-0x0000000003080000-0x0000000003392000-memory.dmp	upx
behavioral1/memory/2092-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1256	c034e8320b0fe866c2aadcff0ac66e7e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1256	c034e8320b0fe866c2aadcff0ac66e7e.exe
2092	c034e8320b0fe866c2aadcff0ac66e7e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 2092	1256	c034e8320b0fe866c2aadcff0ac66e7e.exe	29
PID 1256 wrote to memory of 2092	1256	c034e8320b0fe866c2aadcff0ac66e7e.exe	29
PID 1256 wrote to memory of 2092	1256	c034e8320b0fe866c2aadcff0ac66e7e.exe	29
PID 1256 wrote to memory of 2092	1256	c034e8320b0fe866c2aadcff0ac66e7e.exe	29

C:\Users\Admin\AppData\Local\Temp\c034e8320b0fe866c2aadcff0ac66e7e.exe
"C:\Users\Admin\AppData\Local\Temp\c034e8320b0fe866c2aadcff0ac66e7e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Users\Admin\AppData\Local\Temp\c034e8320b0fe866c2aadcff0ac66e7e.exe
  C:\Users\Admin\AppData\Local\Temp\c034e8320b0fe866c2aadcff0ac66e7e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c034e8320b0fe866c2aadcff0ac66e7e.exe

Filesize
784KB

MD5
355c0c23fdb5d770cf53ea78ee860cdd

SHA1
a839c0dd89dd90bcf1827c8947e87c55df89ff2a

SHA256
f6b224280d8905ba0587395abcefcbbff10fb316470a3e7c975786650f230eca

SHA512
6e5df62c49d90bf9a54f7bc48cc2551f28b8910c15461bee6a0315176a6c8f45ba6bac5f5c854192af92786c638c2ca9897d6479ed1449eb7837ea01fab25db3

Download Submit
memory/1256-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1256-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1256-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1256-15-0x0000000003080000-0x0000000003392000-memory.dmp

Filesize
3.1MB

Download
memory/1256-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2092-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2092-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2092-19-0x0000000000310000-0x00000000003D4000-memory.dmp

Filesize
784KB

Download
memory/2092-27-0x0000000003010000-0x00000000031A3000-memory.dmp

Filesize
1.6MB

Download
memory/2092-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2092-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2092-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download