xmrig | 04b136e471f52c7ad01150aad6839c32d6a5a4914f0b628dff78adfba7f16599

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c712191f3dc87e0a88f134cfe3721e12.exe
Size

784KB
MD5

c712191f3dc87e0a88f134cfe3721e12
SHA1

fe9f57551fee580bf147dcd1db144ccdf77d5be3
SHA256

04b136e471f52c7ad01150aad6839c32d6a5a4914f0b628dff78adfba7f16599
SHA512

afe5b7f26be6b9d86fe9f37f944eff8ef069150695b9d8ffd0d0f79b7af2649e489b229ec7182b462ac876bfc56b30c99c19a1c3ad581398fdebc1b01e1b3036
SSDEEP

24576:d+A6S2U5zWp280qyybA68Rkwd2wUuQyG:d+AtbS2KyyU68T2BJV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2372-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2372-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2372-16-0x00000000031B0000-0x00000000034C2000-memory.dmp	xmrig
behavioral1/memory/3040-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3040-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3040-27-0x0000000003120000-0x00000000032B3000-memory.dmp	xmrig
behavioral1/memory/3040-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/3040-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3040	c712191f3dc87e0a88f134cfe3721e12.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	c712191f3dc87e0a88f134cfe3721e12.exe

Loads dropped DLL 1 IoCs

pid	Process
2372	c712191f3dc87e0a88f134cfe3721e12.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000012251-10.dat	upx
behavioral1/memory/3040-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	c712191f3dc87e0a88f134cfe3721e12.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2372	c712191f3dc87e0a88f134cfe3721e12.exe
3040	c712191f3dc87e0a88f134cfe3721e12.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3040	2372	c712191f3dc87e0a88f134cfe3721e12.exe	29
PID 2372 wrote to memory of 3040	2372	c712191f3dc87e0a88f134cfe3721e12.exe	29
PID 2372 wrote to memory of 3040	2372	c712191f3dc87e0a88f134cfe3721e12.exe	29
PID 2372 wrote to memory of 3040	2372	c712191f3dc87e0a88f134cfe3721e12.exe	29

C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
"C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
  C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe

Filesize
784KB

MD5
fff81b992e4332df6cf12b7505aea801

SHA1
7e7ccdf834fcda98fd61dbcb30a411a88a00b5d9

SHA256
edfdc895e020cd9daa92f94fdb22edfb481c58f3a3994cd0cec33b4da6d9fe27

SHA512
71761cf19af3b5b44df1a827f25fb23a1b342a2dc37dd4997c097dd2c2a62ce4950e8e865dd08b115e63c1f0e18cabe320f20d19d5220d10ef032ca1ee56e6a7

Download Submit
memory/2372-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2372-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2372-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2372-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2372-16-0x00000000031B0000-0x00000000034C2000-memory.dmp

Filesize
3.1MB

Download
memory/3040-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3040-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3040-18-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/3040-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3040-27-0x0000000003120000-0x00000000032B3000-memory.dmp

Filesize
1.6MB

Download
memory/3040-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3040-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download