xmrig | 8121a19abd98c5963c5dd2d4b85e10aa8288b09840cdb3034f9755fd01ca0407

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c60faabaef3aa3332cb9d8b6af71caf2.exe
Size

784KB
MD5

c60faabaef3aa3332cb9d8b6af71caf2
SHA1

a20c83399fa6cb56f21a1dd8943e2d4da42a23ec
SHA256

8121a19abd98c5963c5dd2d4b85e10aa8288b09840cdb3034f9755fd01ca0407
SHA512

09f53c7fe6e4a165694d3b1ca9b57882002e6e5bcd88d663e698fe94bfe1d3737ded43a883b0ce26c7ad8ab82c6f44b957fda8a5ff0da8c2fb4df3069f9c5474
SSDEEP

24576:DpeUEs+LGwNZaZ22tGUAIy/51HW3vK9zAAiEjU3gPQHSJdD:DpeUEsoT/a7tGUAIUW3vcAmj3+k

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3432-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3432-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4784-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4784-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4784-20-0x00000000053F0000-0x0000000005583000-memory.dmp	xmrig
behavioral2/memory/4784-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4784	c60faabaef3aa3332cb9d8b6af71caf2.exe

Executes dropped EXE 1 IoCs

pid	Process
4784	c60faabaef3aa3332cb9d8b6af71caf2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3432-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002320c-11.dat	upx
behavioral2/memory/4784-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3432	c60faabaef3aa3332cb9d8b6af71caf2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3432	c60faabaef3aa3332cb9d8b6af71caf2.exe
4784	c60faabaef3aa3332cb9d8b6af71caf2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4784	3432	c60faabaef3aa3332cb9d8b6af71caf2.exe	89
PID 3432 wrote to memory of 4784	3432	c60faabaef3aa3332cb9d8b6af71caf2.exe	89
PID 3432 wrote to memory of 4784	3432	c60faabaef3aa3332cb9d8b6af71caf2.exe	89

C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
"C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
  C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c60faabaef3aa3332cb9d8b6af71caf2.exe

Filesize
784KB

MD5
6c2d108cc6303485bbb93be74bf5408d

SHA1
c4c77b36558c21aafeaab0605fea5bd8153e68bf

SHA256
9d184e4d6b6ddbcc395c8898c8b71cadf8e4e3d10d390cbe3a593b0788c91c13

SHA512
66519fdb07434f65566a8a48807a890e620d1add9f2bbdb5601ce7b89d3042c9f09011c646f4031e660dcba2a5d8dfb4081d296d3a6bfa644895a1e777af356f

Download Submit
memory/3432-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3432-1-0x0000000001B30000-0x0000000001BF4000-memory.dmp

Filesize
784KB

Download
memory/3432-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3432-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4784-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4784-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4784-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4784-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4784-20-0x00000000053F0000-0x0000000005583000-memory.dmp

Filesize
1.6MB

Download
memory/4784-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download