xmrig | 8708f1024ce817c213aef1830bb9a5b69d9f24768f1223e710a5fdc12248b9b8

Analysis

max time kernel
91s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3599568440c77678bfb9eb02458e606.exe
Size

3.1MB
MD5

d3599568440c77678bfb9eb02458e606
SHA1

72aec5ee9982f9f4147600ec78b5ca1adc9fb1ff
SHA256

8708f1024ce817c213aef1830bb9a5b69d9f24768f1223e710a5fdc12248b9b8
SHA512

adf14151a2b93774672668b0b2939fe4ae0091f1f5326a12272f01635ccf823fdd734a46990029e45079223f31e381e7f7c8d25e208cb639a4194ededcc3e8c8
SSDEEP

49152:nXfb2DyQferICwBdHzWa2ncTZChGg+qTWshRwQ0+apUrvfuGukmEEiz9i81Z4TQE:nXf6NfrHUNLWWccrvrLzD1Zi0E

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/5264-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5264-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5056-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/5056-20-0x00000000053D0000-0x0000000005563000-memory.dmp	xmrig
behavioral2/memory/5056-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/5056-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
5056	d3599568440c77678bfb9eb02458e606.exe

Executes dropped EXE 1 IoCs

pid	Process
5056	d3599568440c77678bfb9eb02458e606.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5264-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00080000000231fe-11.dat	upx
behavioral2/memory/5056-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5264	d3599568440c77678bfb9eb02458e606.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5264	d3599568440c77678bfb9eb02458e606.exe
5056	d3599568440c77678bfb9eb02458e606.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5264 wrote to memory of 5056	5264	d3599568440c77678bfb9eb02458e606.exe	85
PID 5264 wrote to memory of 5056	5264	d3599568440c77678bfb9eb02458e606.exe	85
PID 5264 wrote to memory of 5056	5264	d3599568440c77678bfb9eb02458e606.exe	85

C:\Users\Admin\AppData\Local\Temp\d3599568440c77678bfb9eb02458e606.exe
"C:\Users\Admin\AppData\Local\Temp\d3599568440c77678bfb9eb02458e606.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:5264
- C:\Users\Admin\AppData\Local\Temp\d3599568440c77678bfb9eb02458e606.exe
  C:\Users\Admin\AppData\Local\Temp\d3599568440c77678bfb9eb02458e606.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:5056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d3599568440c77678bfb9eb02458e606.exe

Filesize
784KB

MD5
6d472ea0f7c7efb7785215a9853b8adf

SHA1
011ffe69aec25398549900697bb86c4327a8affd

SHA256
ecd7270959e0247311c8f4adcbe0a171ffdd8431da106ed2608b9be2851a8847

SHA512
73f2d523fdd368aa912ede7e9d8c9ecf744749c5f107055eb5c4029b1345ba41b1704d8fc19f57470c54becb7b5f7fe1638abe170e910bc71198db1cbb531f1d

Download Submit
memory/5056-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/5056-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5056-16-0x00000000019E0000-0x0000000001AA4000-memory.dmp

Filesize
784KB

Download
memory/5056-20-0x00000000053D0000-0x0000000005563000-memory.dmp

Filesize
1.6MB

Download
memory/5056-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5056-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/5264-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/5264-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/5264-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/5264-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download