xmrig | 04b136e471f52c7ad01150aad6839c32d6a5a4914f0b628dff78adfba7f16599

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c712191f3dc87e0a88f134cfe3721e12.exe
Size

784KB
MD5

c712191f3dc87e0a88f134cfe3721e12
SHA1

fe9f57551fee580bf147dcd1db144ccdf77d5be3
SHA256

04b136e471f52c7ad01150aad6839c32d6a5a4914f0b628dff78adfba7f16599
SHA512

afe5b7f26be6b9d86fe9f37f944eff8ef069150695b9d8ffd0d0f79b7af2649e489b229ec7182b462ac876bfc56b30c99c19a1c3ad581398fdebc1b01e1b3036
SSDEEP

24576:d+A6S2U5zWp280qyybA68Rkwd2wUuQyG:d+AtbS2KyyU68T2BJV

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2488-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2488-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4044-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4044-20-0x0000000005470000-0x0000000005603000-memory.dmp	xmrig
behavioral2/memory/4044-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4044-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4044	c712191f3dc87e0a88f134cfe3721e12.exe

Executes dropped EXE 1 IoCs

pid	Process
4044	c712191f3dc87e0a88f134cfe3721e12.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2488-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0008000000023210-11.dat	upx
behavioral2/memory/4044-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2488	c712191f3dc87e0a88f134cfe3721e12.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2488	c712191f3dc87e0a88f134cfe3721e12.exe
4044	c712191f3dc87e0a88f134cfe3721e12.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 4044	2488	c712191f3dc87e0a88f134cfe3721e12.exe	89
PID 2488 wrote to memory of 4044	2488	c712191f3dc87e0a88f134cfe3721e12.exe	89
PID 2488 wrote to memory of 4044	2488	c712191f3dc87e0a88f134cfe3721e12.exe	89

C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
"C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
  C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c712191f3dc87e0a88f134cfe3721e12.exe

Filesize
784KB

MD5
7b96a05727683160f0e484b5ce9cb7ee

SHA1
4b74c00588135ee2ec8c34749fd454924da3cb8f

SHA256
a0c7d0a1284f03a09ea3b48002a7e90ccb0b43f0dad29be213a7834bb05756fe

SHA512
e62cf511944a1b95decfc8cd55e44bd7fdf57137df6e265cc3d2c5ca5d79be0ff93da51086fb3b9d01d7a911419a4a7237457a76df76238dc2455d52af908b07

Download Submit
memory/2488-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2488-1-0x00000000018D0000-0x0000000001994000-memory.dmp

Filesize
784KB

Download
memory/2488-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2488-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4044-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4044-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4044-14-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/4044-20-0x0000000005470000-0x0000000005603000-memory.dmp

Filesize
1.6MB

Download
memory/4044-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4044-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download