xmrig | f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7

Analysis

max time kernel
10s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7.exe
Size

1.3MB
MD5

9617080d4a2eea725e548e0463b98a1c
SHA1

021330e3e2e78916ba0c572d7006f694bd917d88
SHA256

f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7
SHA512

9f4acd69c019d6523410e95312237fd777639aa2d2e0d1efc82a05c1945278f1da014862f65128657ffca7fcce8c09b32f930b867a1b6c598059a0993593e3a2
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727HeoPO+XC7A9GaFs1XllvB5zJsSsyKBsQVdE:ROdWCCi7/rahOYilJ51srSQE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 6 IoCs

resource	yara_rule
behavioral2/memory/532-0-0x00007FF6DC060000-0x00007FF6DC3B1000-memory.dmp	UPX
behavioral2/files/0x000400000001e5eb-5.dat	UPX
behavioral2/files/0x0008000000023201-8.dat	UPX
behavioral2/files/0x0008000000023201-9.dat	UPX
behavioral2/files/0x0007000000023205-29.dat	UPX
behavioral2/files/0x0007000000023217-123.dat	UPX

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/532-0-0x00007FF6DC060000-0x00007FF6DC3B1000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-5.dat	upx
behavioral2/files/0x0008000000023201-8.dat	upx
behavioral2/files/0x0008000000023201-9.dat	upx
behavioral2/files/0x0007000000023205-29.dat	upx
behavioral2/files/0x0007000000023217-123.dat	upx
behavioral2/memory/3320-580-0x00007FF7F9010000-0x00007FF7F9361000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System\Quamuyl.exe	f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7.exe

C:\Users\Admin\AppData\Local\Temp\f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7.exe
"C:\Users\Admin\AppData\Local\Temp\f76515f0967e5caa89c48c9871a6c7874c6a821e7c5ac77f279ec5577fc5a1b7.exe"
1⤵
- Drops file in Windows directory
PID:532
- C:\Windows\System\Quamuyl.exe
  C:\Windows\System\Quamuyl.exe
  2⤵
  PID:3064
- C:\Windows\System\pmVNsqF.exe
  C:\Windows\System\pmVNsqF.exe
  2⤵
  PID:4024
- C:\Windows\System\uYagseo.exe
  C:\Windows\System\uYagseo.exe
  2⤵
  PID:1876
- C:\Windows\System\kuMuDIs.exe
  C:\Windows\System\kuMuDIs.exe
  2⤵
  PID:4940
- C:\Windows\System\lLuqRUJ.exe
  C:\Windows\System\lLuqRUJ.exe
  2⤵
  PID:7952
- C:\Windows\System\oxPecQE.exe
  C:\Windows\System\oxPecQE.exe
  2⤵
  PID:8088
- C:\Windows\System\osgHkWg.exe
  C:\Windows\System\osgHkWg.exe
  2⤵
  PID:12736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Quamuyl.exe

Filesize
576KB

MD5
d2df64f60e879f6ef8ccc990af85a2d2

SHA1
5c3c0dc801ada6024cd2f101a8d846cc8b9bf673

SHA256
847b17ca73559d6ce5d45e50dca4d326c189cd8c13219afab770f2148fcd0058

SHA512
bcc9ac55960c10501eef1b094c33881720ca3f76512277d548a3a5b1ca37161b4bbd4a1e64aee3d7c69e3bc1ab5c79a4c7c6c634b95e1b729120e3e72f20fa01

Download Submit
C:\Windows\System\SnKBIGu.exe

Filesize
128KB

MD5
79ed7369315fb2aa363e2b15500a571f

SHA1
929f102ae43f9ba5e3f24d1d0a817f97bc0e1513

SHA256
75ead97724680ee34ae99ce5d361574b2d0435406b7b6e8c3aee4ca389e3e388

SHA512
c64406c2a3dc466b1e12f28fb832da78da75d257c21ff524279fca8f41148f0ea5327d9009bc76009cd210bc1e900d18cdb3f92608ca3f3e31ea467eef0a92a8

Download Submit
C:\Windows\System\pmVNsqF.exe

Filesize
384KB

MD5
973f44a47779a687fd0bb65c224596e7

SHA1
d4cf3e4b28d610ee947343829a7e2b4cbdc3ddcf

SHA256
0def842055dea35c457aafc49929128319c6be6026d74391b6e618515d034bb3

SHA512
71017e4fe61c87f3398dd6dbaaf47582bdad84718d1e5877b5ca7d9071e1e728c7c566039c3b29585e95dab3c79fda699dca2c41d6ba5a8db8f82cfe1f24d9fe

Download Submit
C:\Windows\System\pmVNsqF.exe

Filesize
256KB

MD5
ae54bedd5413475f8a071aadeaf53c42

SHA1
5d1d5c5dfd349cf4a67a0443d07da15dcfa5110e

SHA256
9b43e4ac9c0450145f48a9f37c29de0118ae008c4c9b6713c8a323db1cdacc82

SHA512
89b52fa8e2f0f385b5944a49eb9d207dab258fcc1f853e5cfeae440f5c106575bb4e32561b646e98307fc2bc890785ad2d5d0819e8b232e4d227950dd6703cfc

Download Submit
memory/532-0-0x00007FF6DC060000-0x00007FF6DC3B1000-memory.dmp

Filesize
3.3MB

Download
memory/532-1-0x000001D472520000-0x000001D472530000-memory.dmp

Filesize
64KB

Download
memory/3320-580-0x00007FF7F9010000-0x00007FF7F9361000-memory.dmp

Filesize
3.3MB

Download