xmrig | ae7308045c746a174352d122efdeaf1fee68fbcb64ba3e059e5bee7da6c19174

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0ea1e6bdd5434cd320dbb88de42875c.exe
Size

784KB
MD5

c0ea1e6bdd5434cd320dbb88de42875c
SHA1

3745b945653c4e98a520422ccdf7eb4255241505
SHA256

ae7308045c746a174352d122efdeaf1fee68fbcb64ba3e059e5bee7da6c19174
SHA512

9eccee71f59d6143c5a3d56fd8f16851a825645cf4dcf74c489cfaa0c3b4eda3f480795af5f19b4c73182037f107de63fa34663cdb5189dbfad13a140c9d1215
SSDEEP

12288:A7u469Ux6yg2XNo3X1J1NbEMYMBSa0zu7qzxDSb6dD+e1wsWvAI8NKolcUx:8Sco1dEkB9Muqzxmb6dyeeVsKolrx

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2036-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2036-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2036-27-0x0000000003140000-0x00000000032D3000-memory.dmp	xmrig
behavioral1/memory/2036-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2036-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2036	c0ea1e6bdd5434cd320dbb88de42875c.exe

Executes dropped EXE 1 IoCs

pid	Process
2036	c0ea1e6bdd5434cd320dbb88de42875c.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	c0ea1e6bdd5434cd320dbb88de42875c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012253-10.dat	upx
behavioral1/memory/1636-15-0x00000000031E0000-0x00000000034F2000-memory.dmp	upx
behavioral1/memory/2036-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	c0ea1e6bdd5434cd320dbb88de42875c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1636	c0ea1e6bdd5434cd320dbb88de42875c.exe
2036	c0ea1e6bdd5434cd320dbb88de42875c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2036	1636	c0ea1e6bdd5434cd320dbb88de42875c.exe	29
PID 1636 wrote to memory of 2036	1636	c0ea1e6bdd5434cd320dbb88de42875c.exe	29
PID 1636 wrote to memory of 2036	1636	c0ea1e6bdd5434cd320dbb88de42875c.exe	29
PID 1636 wrote to memory of 2036	1636	c0ea1e6bdd5434cd320dbb88de42875c.exe	29

C:\Users\Admin\AppData\Local\Temp\c0ea1e6bdd5434cd320dbb88de42875c.exe
"C:\Users\Admin\AppData\Local\Temp\c0ea1e6bdd5434cd320dbb88de42875c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\c0ea1e6bdd5434cd320dbb88de42875c.exe
  C:\Users\Admin\AppData\Local\Temp\c0ea1e6bdd5434cd320dbb88de42875c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c0ea1e6bdd5434cd320dbb88de42875c.exe

Filesize
784KB

MD5
990ae4ce04e18a73ff85c0563458ad95

SHA1
0338bdb168d07e16c868650cef43b946a2824834

SHA256
bd7860bedf069ac674e679c6520c98797f2ff3c6b5f8702eb6d610cc833e855e

SHA512
5f1c93e90c7d1ba6b1e2fd11ceb333a9b67bc64fd5bb0fb704eefcbcbfb0e24b9a525393337b03840c6dae79518ca3fe261522b1719f2332a557bb5a529d9475

Download Submit
memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1636-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-15-0x00000000031E0000-0x00000000034F2000-memory.dmp

Filesize
3.1MB

Download
memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2036-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2036-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2036-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2036-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2036-27-0x0000000003140000-0x00000000032D3000-memory.dmp

Filesize
1.6MB

Download
memory/2036-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2036-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download