xmrig | 6d6a78656794234e24dae307da4626aaf9544ae89635145b30347018d4bfce3f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0f3a6bd1dcb60050d1823f8a2ec1b71.exe
Size

784KB
MD5

c0f3a6bd1dcb60050d1823f8a2ec1b71
SHA1

806483da042d698b17a56c9d6585e47b05b4b21f
SHA256

6d6a78656794234e24dae307da4626aaf9544ae89635145b30347018d4bfce3f
SHA512

e872058c5901f22aaac8069e9debaff1c4fb6300965e7bd41324f61d9231a24418eb2bee56f3575d9d95f3d447595a74bae0de16e2669cd2f349ab63db323c65
SSDEEP

12288:yf+iblHsaUhGsWfjSweVsWnXGvlfU4feFFsV8DR9sQtvcl1gE33aQb:yfhFagOptnilfXWbk8DR9fWl1l3pb

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2068-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2068-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2096-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2096-26-0x00000000030F0000-0x0000000003283000-memory.dmp	xmrig
behavioral1/memory/2096-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2096-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2096-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2096	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

Executes dropped EXE 1 IoCs

pid	Process
2096	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

Loads dropped DLL 1 IoCs

pid	Process
2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000d000000012253-10.dat	upx
behavioral1/memory/2068-15-0x0000000003150000-0x0000000003462000-memory.dmp	upx
behavioral1/memory/2096-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe
2096	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2096	2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe	29
PID 2068 wrote to memory of 2096	2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe	29
PID 2068 wrote to memory of 2096	2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe	29
PID 2068 wrote to memory of 2096	2068	c0f3a6bd1dcb60050d1823f8a2ec1b71.exe	29

C:\Users\Admin\AppData\Local\Temp\c0f3a6bd1dcb60050d1823f8a2ec1b71.exe
"C:\Users\Admin\AppData\Local\Temp\c0f3a6bd1dcb60050d1823f8a2ec1b71.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\c0f3a6bd1dcb60050d1823f8a2ec1b71.exe
  C:\Users\Admin\AppData\Local\Temp\c0f3a6bd1dcb60050d1823f8a2ec1b71.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c0f3a6bd1dcb60050d1823f8a2ec1b71.exe

Filesize
784KB

MD5
c9f05e24aad228179e33c967327beffd

SHA1
7b29e3ecff5ffd864c380833d37ac6a9424cb0d4

SHA256
daad52b620b204eec94e568a11ad97896c71eadcf1c1ea09c892aec8d2e4e756

SHA512
e66522b5bfcebfbfcdc57d1044b782bec9f585fd9207b69d521ad5352cbd9f52afc683fa88ffc607717afcca21c2afc1e15e32fa60d0ad9455fc00165fc1d400

Download Submit
memory/2068-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2068-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2068-3-0x00000000002A0000-0x0000000000364000-memory.dmp

Filesize
784KB

Download
memory/2068-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2068-15-0x0000000003150000-0x0000000003462000-memory.dmp

Filesize
3.1MB

Download
memory/2096-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2096-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2096-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2096-26-0x00000000030F0000-0x0000000003283000-memory.dmp

Filesize
1.6MB

Download
memory/2096-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2096-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2096-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download