xmrig | 94fd5807db7db7564048a6f8d0133e59a31ad063a2e866c72e9727083ecb57b6

Analysis

max time kernel
108s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c744b7eee1fd0a1f55871775d4b15cf4.exe
Size

784KB
MD5

c744b7eee1fd0a1f55871775d4b15cf4
SHA1

dac72bd8768ea25d127f464cd6872cbbdfe0d94c
SHA256

94fd5807db7db7564048a6f8d0133e59a31ad063a2e866c72e9727083ecb57b6
SHA512

a94a01d6f6c594a6afd44134cd8cce4bff7f54abd9bffaf32b5ee2e78c28e31fc143e495bbe091f5bc2006879843f8f0d4d0d8828e4929d32284e22eb4f5bb39
SSDEEP

24576:nLXAaYF4y/G50VQ5GpW/W5FsLH5XjfNxtR:n3un+qiEW/WIVXTNX

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3760-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3760-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3736-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3736-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3736-22-0x00000000053F0000-0x0000000005583000-memory.dmp	xmrig
behavioral2/memory/3736-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3736	c744b7eee1fd0a1f55871775d4b15cf4.exe

Executes dropped EXE 1 IoCs

pid	Process
3736	c744b7eee1fd0a1f55871775d4b15cf4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3760-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00090000000231f3-11.dat	upx
behavioral2/memory/3736-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3760	c744b7eee1fd0a1f55871775d4b15cf4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3760	c744b7eee1fd0a1f55871775d4b15cf4.exe
3736	c744b7eee1fd0a1f55871775d4b15cf4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 3736	3760	c744b7eee1fd0a1f55871775d4b15cf4.exe	86
PID 3760 wrote to memory of 3736	3760	c744b7eee1fd0a1f55871775d4b15cf4.exe	86
PID 3760 wrote to memory of 3736	3760	c744b7eee1fd0a1f55871775d4b15cf4.exe	86

C:\Users\Admin\AppData\Local\Temp\c744b7eee1fd0a1f55871775d4b15cf4.exe
"C:\Users\Admin\AppData\Local\Temp\c744b7eee1fd0a1f55871775d4b15cf4.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Users\Admin\AppData\Local\Temp\c744b7eee1fd0a1f55871775d4b15cf4.exe
  C:\Users\Admin\AppData\Local\Temp\c744b7eee1fd0a1f55871775d4b15cf4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c744b7eee1fd0a1f55871775d4b15cf4.exe

Filesize
523KB

MD5
fcb2ee193459cd691a714f24e0c4a0a8

SHA1
157c125b0f69a361d86bed3a806471ebbd10fae5

SHA256
86b0b27474b1f9b6ee3288c9431ae1cbf657ad06d0138ad680014b4115b17186

SHA512
22e6867928f4d6e004baa62a52729a5508575eb5df3056737aedd65097ff0573befb0f379bb7e02d813465a49ce7e8478da70e1db4285d49b99aa5077adbfd1c

Download Submit
memory/3736-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3736-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3736-14-0x0000000001A00000-0x0000000001AC4000-memory.dmp

Filesize
784KB

Download
memory/3736-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3736-22-0x00000000053F0000-0x0000000005583000-memory.dmp

Filesize
1.6MB

Download
memory/3736-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3760-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3760-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/3760-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3760-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download