xmrig | 8121a19abd98c5963c5dd2d4b85e10aa8288b09840cdb3034f9755fd01ca0407

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c60faabaef3aa3332cb9d8b6af71caf2.exe
Size

784KB
MD5

c60faabaef3aa3332cb9d8b6af71caf2
SHA1

a20c83399fa6cb56f21a1dd8943e2d4da42a23ec
SHA256

8121a19abd98c5963c5dd2d4b85e10aa8288b09840cdb3034f9755fd01ca0407
SHA512

09f53c7fe6e4a165694d3b1ca9b57882002e6e5bcd88d663e698fe94bfe1d3737ded43a883b0ce26c7ad8ab82c6f44b957fda8a5ff0da8c2fb4df3069f9c5474
SSDEEP

24576:DpeUEs+LGwNZaZ22tGUAIy/51HW3vK9zAAiEjU3gPQHSJdD:DpeUEsoT/a7tGUAIUW3vcAmj3+k

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/1556-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1556-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1520-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1520-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1520-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/1520-33-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1520	c60faabaef3aa3332cb9d8b6af71caf2.exe

Executes dropped EXE 1 IoCs

pid	Process
1520	c60faabaef3aa3332cb9d8b6af71caf2.exe

Loads dropped DLL 1 IoCs

pid	Process
1556	c60faabaef3aa3332cb9d8b6af71caf2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1556-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b000000012248-10.dat	upx
behavioral1/memory/1556-15-0x0000000003170000-0x0000000003482000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1556	c60faabaef3aa3332cb9d8b6af71caf2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1556	c60faabaef3aa3332cb9d8b6af71caf2.exe
1520	c60faabaef3aa3332cb9d8b6af71caf2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 1520	1556	c60faabaef3aa3332cb9d8b6af71caf2.exe	29
PID 1556 wrote to memory of 1520	1556	c60faabaef3aa3332cb9d8b6af71caf2.exe	29
PID 1556 wrote to memory of 1520	1556	c60faabaef3aa3332cb9d8b6af71caf2.exe	29
PID 1556 wrote to memory of 1520	1556	c60faabaef3aa3332cb9d8b6af71caf2.exe	29

C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
"C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
  C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe

Filesize
784KB

MD5
73b21d7e287f56807fe2b4d4d58e2e5b

SHA1
4392060dfc006d3626ba7cd9950f9a5cdfff213b

SHA256
13dc7c6a3c90f86cdf777750ee81d1fe39337605f2706dc4cec13f6a099fdf71

SHA512
a1855f36a0822f0d59252ede3a66a7da6e0dd130a5b6e508e2a84b958ce18f3fa2770860c55f64c5fc705e307689271ba74821663e6c2cfdf9bfba6cf29c1c14

Download Submit
memory/1520-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1520-18-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/1520-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1520-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/1520-33-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1556-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1556-2-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1556-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1556-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1556-15-0x0000000003170000-0x0000000003482000-memory.dmp

Filesize
3.1MB

Download