xmrig | 878930d3302587e32ff548ab449c96664bb80ce38815f07676a1ca850b249a13

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 06:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c7ebccfc183f5ca1b1b3823a5c17cff8.exe
Size

784KB
MD5

c7ebccfc183f5ca1b1b3823a5c17cff8
SHA1

6d4c9f3413bb48b82faa6385c074041a666a8cd1
SHA256

878930d3302587e32ff548ab449c96664bb80ce38815f07676a1ca850b249a13
SHA512

c89df945c8ee9909d33b136bc131369104952a0dd2a75ce5ccabfb79541bf316e27f875b5f7a96e8ee995f7192531c70a647b3ec5725c66c437ff3ff940883fa
SSDEEP

12288:EIG8gH82yh6z8PRkww8MJwyaenfi/hMsRhKaB5adrUaJBfr8k0cuBeW+KvttLzDo:/d+gh6Obw8MbaPhMpTAKWRDnrtjO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2928-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2928-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2640-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2640-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2640-32-0x0000000003110000-0x00000000032A3000-memory.dmp	xmrig
behavioral1/memory/2640-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2640-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2640	c7ebccfc183f5ca1b1b3823a5c17cff8.exe

Executes dropped EXE 1 IoCs

pid	Process
2640	c7ebccfc183f5ca1b1b3823a5c17cff8.exe

Loads dropped DLL 1 IoCs

pid	Process
2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b00000001224f-10.dat	upx
behavioral1/memory/2928-15-0x0000000003250000-0x0000000003562000-memory.dmp	upx
behavioral1/memory/2640-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe
2640	c7ebccfc183f5ca1b1b3823a5c17cff8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2640	2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe	29
PID 2928 wrote to memory of 2640	2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe	29
PID 2928 wrote to memory of 2640	2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe	29
PID 2928 wrote to memory of 2640	2928	c7ebccfc183f5ca1b1b3823a5c17cff8.exe	29

C:\Users\Admin\AppData\Local\Temp\c7ebccfc183f5ca1b1b3823a5c17cff8.exe
"C:\Users\Admin\AppData\Local\Temp\c7ebccfc183f5ca1b1b3823a5c17cff8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\c7ebccfc183f5ca1b1b3823a5c17cff8.exe
  C:\Users\Admin\AppData\Local\Temp\c7ebccfc183f5ca1b1b3823a5c17cff8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\c7ebccfc183f5ca1b1b3823a5c17cff8.exe

Filesize
784KB

MD5
541fc2ad9de731d2bb16c36acce3b4b4

SHA1
edf4d2be6c8271ef2dbb93ce8b0141ffe955552e

SHA256
6996949300a1f2b2939c4a0d15cb2d93a9caca3b2e4dfa4730abece6c2564a76

SHA512
105e42373038d096c26c82eead5588248f51f070de60c77a112fc3a84ff4bf458cf2fa422c6a29a8610551788e479ff33d2da3826d75ca390abc86c7065beef7

Download Submit
memory/2640-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2640-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2640-18-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2640-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2640-32-0x0000000003110000-0x00000000032A3000-memory.dmp

Filesize
1.6MB

Download
memory/2640-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2640-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2928-3-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2928-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2928-15-0x0000000003250000-0x0000000003562000-memory.dmp

Filesize
3.1MB

Download
memory/2928-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2928-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download