xmrig | 9ca0b091c5e4c48c3933654eab6c212602e56a0a6e5978f53cfebffa4d22918a

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca008c9a57b89bb13616d682bfb8a87c.exe
Size

784KB
MD5

ca008c9a57b89bb13616d682bfb8a87c
SHA1

fb887e3d6f032dde01542cdbd3e4059e02e51336
SHA256

9ca0b091c5e4c48c3933654eab6c212602e56a0a6e5978f53cfebffa4d22918a
SHA512

6a14ad9501840844b25163e7cfad919fd3f4acc13d702d0705081595e639e16bb041acd1fb4c342153f0f270fc51da107003d3b2dea03ea58a4be03c4ad8fa8c
SSDEEP

12288:yf+iblHsaUhGsWfjSweVsWnXGvlfU4feFFsV8DR9sQtvcl1gE33aQb:yfhFagOptnilfXWbk8DR9fWl1l3pb

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2172-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2172-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4460-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4460-20-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/4460-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4460-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4460	ca008c9a57b89bb13616d682bfb8a87c.exe

Executes dropped EXE 1 IoCs

pid	Process
4460	ca008c9a57b89bb13616d682bfb8a87c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2172-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000800000002325b-11.dat	upx
behavioral2/memory/4460-12-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2172	ca008c9a57b89bb13616d682bfb8a87c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2172	ca008c9a57b89bb13616d682bfb8a87c.exe
4460	ca008c9a57b89bb13616d682bfb8a87c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4460	2172	ca008c9a57b89bb13616d682bfb8a87c.exe	98
PID 2172 wrote to memory of 4460	2172	ca008c9a57b89bb13616d682bfb8a87c.exe	98
PID 2172 wrote to memory of 4460	2172	ca008c9a57b89bb13616d682bfb8a87c.exe	98

C:\Users\Admin\AppData\Local\Temp\ca008c9a57b89bb13616d682bfb8a87c.exe
"C:\Users\Admin\AppData\Local\Temp\ca008c9a57b89bb13616d682bfb8a87c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\ca008c9a57b89bb13616d682bfb8a87c.exe
  C:\Users\Admin\AppData\Local\Temp\ca008c9a57b89bb13616d682bfb8a87c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ca008c9a57b89bb13616d682bfb8a87c.exe

Filesize
784KB

MD5
1e06b14f186126bd7c02e1131682409d

SHA1
4b5a64cdf05c1b2bb90a053f424dbb2f8fa52504

SHA256
95885fe0d8225cc04613072666d0e3050acc14af03ef35f237902bd3fa04e0e7

SHA512
993aa7d07006d9ab845c59fd3c9e73bd8c46465fa39a26fcacef695835270f30d700ea7f27e0f41d1389d9ddb339dd9a1ce57fb422d02dd9aa55afbf6865fc40

Download Submit
memory/2172-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2172-1-0x0000000001A70000-0x0000000001B34000-memory.dmp

Filesize
784KB

Download
memory/2172-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2172-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4460-12-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4460-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4460-14-0x00000000019E0000-0x0000000001AA4000-memory.dmp

Filesize
784KB

Download
memory/4460-20-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/4460-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4460-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download