xmrig | 6ecc81d7f3adb7705dac57d1edd676ba2e99d7fd01dafe59aa3c00e48eb69342

Analysis

max time kernel
155s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 13:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c8af0da3d401a0caac7345f706d2af1f.exe
Size

1.5MB
MD5

c8af0da3d401a0caac7345f706d2af1f
SHA1

ce9aa4ec65993dd2accf7cc4f63531d5794885f1
SHA256

6ecc81d7f3adb7705dac57d1edd676ba2e99d7fd01dafe59aa3c00e48eb69342
SHA512

63ca6f6bae32409c7b4d89055745362eaf42351f1f9989c28a14a599e11225d3264525439f9c7baceee095cea4c864b1d301fb46e4eb75fefc81d0b67341786f
SSDEEP

24576:iq0Sal2I600Qhf/CNOTKAD4r+mclGbac+LcdoVVh5oA1HVtnj81V+rkrk4u5YJq4:iP1l2Bo6Nlr+Hlua2ah5F1HVN8TMFUT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/4948-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4948-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4996-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4996-20-0x0000000005420000-0x00000000055B3000-memory.dmp	xmrig
behavioral2/memory/4996-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4996-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4996	c8af0da3d401a0caac7345f706d2af1f.exe

Executes dropped EXE 1 IoCs

pid	Process
4996	c8af0da3d401a0caac7345f706d2af1f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4948-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0004000000022ea3-11.dat	upx
behavioral2/memory/4996-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4948	c8af0da3d401a0caac7345f706d2af1f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4948	c8af0da3d401a0caac7345f706d2af1f.exe
4996	c8af0da3d401a0caac7345f706d2af1f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4996	4948	c8af0da3d401a0caac7345f706d2af1f.exe	98
PID 4948 wrote to memory of 4996	4948	c8af0da3d401a0caac7345f706d2af1f.exe	98
PID 4948 wrote to memory of 4996	4948	c8af0da3d401a0caac7345f706d2af1f.exe	98

C:\Users\Admin\AppData\Local\Temp\c8af0da3d401a0caac7345f706d2af1f.exe
"C:\Users\Admin\AppData\Local\Temp\c8af0da3d401a0caac7345f706d2af1f.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Users\Admin\AppData\Local\Temp\c8af0da3d401a0caac7345f706d2af1f.exe
  C:\Users\Admin\AppData\Local\Temp\c8af0da3d401a0caac7345f706d2af1f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c8af0da3d401a0caac7345f706d2af1f.exe

Filesize
784KB

MD5
bb4c9a56247b43c7f3e92f548dc71e99

SHA1
a4d23874e616fe9bdad0f2a20049e5712e9c1ec9

SHA256
fc1bc5985b53e3ab55a2a977f295a51bdd2bc24f5aa3d27bbe81cde7a6ae1313

SHA512
46d5477e0efc7f8fcdc713b883a36d3c47dd1a428c562f9245e0389ec6f9fc6a88ca5f4c02bd947064a9c6e4a14304c6cc59e6ae1fcffde78dd83fd81512c8c9

Download Submit
memory/4948-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4948-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/4948-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4948-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4996-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4996-14-0x0000000001A30000-0x0000000001AF4000-memory.dmp

Filesize
784KB

Download
memory/4996-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4996-20-0x0000000005420000-0x00000000055B3000-memory.dmp

Filesize
1.6MB

Download
memory/4996-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4996-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download