xmrig | a806958a1a67659f180291da9dd4cdae780a0adb4bc3e3ceb7bba68b5e6f0c6e

Analysis

max time kernel
121s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c56c2504cec4ddb879c2dcff1aff4c00.exe
Size

784KB
MD5

c56c2504cec4ddb879c2dcff1aff4c00
SHA1

a5787f84653ceb6c2d334ec6a27e730b37e726d0
SHA256

a806958a1a67659f180291da9dd4cdae780a0adb4bc3e3ceb7bba68b5e6f0c6e
SHA512

1cc9f8e803b8170e8ead03397d2cb7aed46abe35ca6ab7c4bac14e6c4f65b7f451352e9dfa67791d04615725f1158900cc308628f1930c3d248fc6f785acff9a
SSDEEP

12288:VRdHTmKVstkr+uvp83O22Dft5dG0e0oBBEN4TLDEDkqTIj/4IokoNi9m:d66sOrNv23O2Af1a0oBBE8LIDkvkIRo

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1740-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1740-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2556-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2556-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2556-26-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2556-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1740-35-0x0000000003120000-0x0000000003432000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2556	c56c2504cec4ddb879c2dcff1aff4c00.exe

Executes dropped EXE 1 IoCs

pid	Process
2556	c56c2504cec4ddb879c2dcff1aff4c00.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	c56c2504cec4ddb879c2dcff1aff4c00.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c0000000122de-10.dat	upx
behavioral1/memory/1740-15-0x0000000003120000-0x0000000003432000-memory.dmp	upx
behavioral1/memory/2556-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1740	c56c2504cec4ddb879c2dcff1aff4c00.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1740	c56c2504cec4ddb879c2dcff1aff4c00.exe
2556	c56c2504cec4ddb879c2dcff1aff4c00.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2556	1740	c56c2504cec4ddb879c2dcff1aff4c00.exe	28
PID 1740 wrote to memory of 2556	1740	c56c2504cec4ddb879c2dcff1aff4c00.exe	28
PID 1740 wrote to memory of 2556	1740	c56c2504cec4ddb879c2dcff1aff4c00.exe	28
PID 1740 wrote to memory of 2556	1740	c56c2504cec4ddb879c2dcff1aff4c00.exe	28

C:\Users\Admin\AppData\Local\Temp\c56c2504cec4ddb879c2dcff1aff4c00.exe
"C:\Users\Admin\AppData\Local\Temp\c56c2504cec4ddb879c2dcff1aff4c00.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\c56c2504cec4ddb879c2dcff1aff4c00.exe
  C:\Users\Admin\AppData\Local\Temp\c56c2504cec4ddb879c2dcff1aff4c00.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c56c2504cec4ddb879c2dcff1aff4c00.exe

Filesize
784KB

MD5
67fa12881345fdb34e3c9c194fae9377

SHA1
3dd9d9ad0797938fbecc7be715250f63b8931bcb

SHA256
c96fefbf86b0af9fba096dc46f60b6e62b92bb285af6fd3685a514c0ac91fab1

SHA512
772e360d50e2836161327a7202ae9877ed2283e689915c61d5c13b6372c67077343b8ac8b064834d6a197bda51994ad1b7a60788ebd438b39a3b598829c12278

Download Submit
memory/1740-35-0x0000000003120000-0x0000000003432000-memory.dmp

Filesize
3.1MB

Download
memory/1740-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/1740-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1740-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1740-15-0x0000000003120000-0x0000000003432000-memory.dmp

Filesize
3.1MB

Download
memory/1740-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2556-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2556-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2556-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2556-26-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2556-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2556-18-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download