xmrig | 91af54bde4a827536f4a432e94b8838472b84fd6315c78c5e3950f6d8ce945c0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

caf5db58d0a9b913a65a531a02444ac6.exe
Size

784KB
MD5

caf5db58d0a9b913a65a531a02444ac6
SHA1

31406b7cb8307bc7eea9955006bd340a92a4a88e
SHA256

91af54bde4a827536f4a432e94b8838472b84fd6315c78c5e3950f6d8ce945c0
SHA512

14332eb0a4429177ac5edad88583cf25fc9799e0380d62b7b6ea98d667809256c2d7a0b3a2f9cbf63acf48617d5f8cb2bd4fd2b6e4f7c8ef1e88a1b4b420314e
SSDEEP

24576:QxLBQZxVmyEgdq0FQ7ZR0xiWxAySEnkR7hRb:GFOvmy00WFRbLy2R7/b

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1652-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/1652-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/952-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/952-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/952-20-0x0000000005430000-0x00000000055C3000-memory.dmp	xmrig
behavioral2/memory/952-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
952	caf5db58d0a9b913a65a531a02444ac6.exe

Executes dropped EXE 1 IoCs

pid	Process
952	caf5db58d0a9b913a65a531a02444ac6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx
behavioral2/memory/952-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1652	caf5db58d0a9b913a65a531a02444ac6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1652	caf5db58d0a9b913a65a531a02444ac6.exe
952	caf5db58d0a9b913a65a531a02444ac6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 952	1652	caf5db58d0a9b913a65a531a02444ac6.exe	90
PID 1652 wrote to memory of 952	1652	caf5db58d0a9b913a65a531a02444ac6.exe	90
PID 1652 wrote to memory of 952	1652	caf5db58d0a9b913a65a531a02444ac6.exe	90

C:\Users\Admin\AppData\Local\Temp\caf5db58d0a9b913a65a531a02444ac6.exe
"C:\Users\Admin\AppData\Local\Temp\caf5db58d0a9b913a65a531a02444ac6.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Local\Temp\caf5db58d0a9b913a65a531a02444ac6.exe
  C:\Users\Admin\AppData\Local\Temp\caf5db58d0a9b913a65a531a02444ac6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\caf5db58d0a9b913a65a531a02444ac6.exe

Filesize
784KB

MD5
e65b845e993f85ac082fac8cc667d7d9

SHA1
abc4d6440c005d331952304cafb29dadb288e830

SHA256
9b21fe0ee1d8b1217e72c3fabc30fc83a5225ce6200ac80bac022ec8d8231b36

SHA512
713cb9bc99b8dd011f3e979b73ce93947754dd4bf6dbb55d9f439257058088d09ef7acf201955dc6c69a745a12c4db51c4a6e3cb0b60f1072e1971813a6fc603

Download Submit
memory/952-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/952-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/952-15-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/952-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/952-20-0x0000000005430000-0x00000000055C3000-memory.dmp

Filesize
1.6MB

Download
memory/952-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1652-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1652-1-0x0000000001A80000-0x0000000001B44000-memory.dmp

Filesize
784KB

Download
memory/1652-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1652-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download