xmrig | 425a97f75e5164e8e8dc90b33b032996e20a67a7f876d51d63e58f08c50b5904

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca75a37bbaf06fc773de94415ec3ca5c.exe
Size

2.3MB
MD5

ca75a37bbaf06fc773de94415ec3ca5c
SHA1

ab1f6ace4cfd802f82f2598ee5f2c57b728c5347
SHA256

425a97f75e5164e8e8dc90b33b032996e20a67a7f876d51d63e58f08c50b5904
SHA512

c8631f2ca14d0800eabe658e592eb4cfbd0171e4acb64bba5e5b4910561c02d6dce0497075f08a4c151836dd36fdacc4dd0bb2cc857588b21b9b261f49c99bdc
SSDEEP

49152:WdELehfxrmfxwZVKXxSnkgxAP+dhd/CiJeNh2H/BHHYlZqqJJK:hehBZOxSkh+X2EZq

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/3040-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/3040-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2884-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2884-24-0x0000000003120000-0x00000000032B3000-memory.dmp	xmrig
behavioral1/memory/2884-25-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2884-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2884-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2884	ca75a37bbaf06fc773de94415ec3ca5c.exe

Executes dropped EXE 1 IoCs

pid	Process
2884	ca75a37bbaf06fc773de94415ec3ca5c.exe

Loads dropped DLL 1 IoCs

pid	Process
3040	ca75a37bbaf06fc773de94415ec3ca5c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000014825-10.dat	upx
behavioral1/memory/3040-15-0x00000000035D0000-0x00000000038E2000-memory.dmp	upx
behavioral1/memory/2884-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3040	ca75a37bbaf06fc773de94415ec3ca5c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3040	ca75a37bbaf06fc773de94415ec3ca5c.exe
2884	ca75a37bbaf06fc773de94415ec3ca5c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2884	3040	ca75a37bbaf06fc773de94415ec3ca5c.exe	29
PID 3040 wrote to memory of 2884	3040	ca75a37bbaf06fc773de94415ec3ca5c.exe	29
PID 3040 wrote to memory of 2884	3040	ca75a37bbaf06fc773de94415ec3ca5c.exe	29
PID 3040 wrote to memory of 2884	3040	ca75a37bbaf06fc773de94415ec3ca5c.exe	29

C:\Users\Admin\AppData\Local\Temp\ca75a37bbaf06fc773de94415ec3ca5c.exe
"C:\Users\Admin\AppData\Local\Temp\ca75a37bbaf06fc773de94415ec3ca5c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\ca75a37bbaf06fc773de94415ec3ca5c.exe
  C:\Users\Admin\AppData\Local\Temp\ca75a37bbaf06fc773de94415ec3ca5c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ca75a37bbaf06fc773de94415ec3ca5c.exe

Filesize
784KB

MD5
6efc69fa46fe2345cca7caaad4d0658d

SHA1
9451ae3c0c122bb3101198de90175743bd4bf727

SHA256
2561e373a49b73c971624bc46d7916d0947bd9ee7345430a55ad7e42ab7cdc4a

SHA512
566170fe611a0f6569733b069197fc4d1ae0373256d07de50a794ec08ee72f37adac254ffb47dc8e21830a7aa4811a153c574e313284eb2f67d3ff5c57a39346

Download Submit
memory/2884-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2884-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2884-19-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2884-24-0x0000000003120000-0x00000000032B3000-memory.dmp

Filesize
1.6MB

Download
memory/2884-25-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2884-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2884-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3040-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3040-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/3040-15-0x00000000035D0000-0x00000000038E2000-memory.dmp

Filesize
3.1MB

Download
memory/3040-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3040-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download