xmrig | 0c4cd8f36ee1430bccb2bf5d3a8cf7811f4fb541c53ac43b13eeb7d4d26b1cc4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d38263b5c2e49e2a7e96453a2afe1ea6.exe
Size

784KB
MD5

d38263b5c2e49e2a7e96453a2afe1ea6
SHA1

b168078c974f93a616f174eb7ff432ffc10ee0c7
SHA256

0c4cd8f36ee1430bccb2bf5d3a8cf7811f4fb541c53ac43b13eeb7d4d26b1cc4
SHA512

89143f0b7fee2433224891a754c6bbdc3f7438a7525885ee5402265cb0a3463d14a4079b04bf29c2113d2d15d019131edaf793b6273cfea98059538022d741a3
SSDEEP

12288:RlZQnBr7epSpE3mI95ZEJ5hxTHwF9WU6aA5m+aNBbQ141kUq:rZOBXepP3mEmJVHcAkNC1gh

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2952-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2952-15-0x00000000031D0000-0x00000000034E2000-memory.dmp	xmrig
behavioral1/memory/2952-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2616-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2616-27-0x00000000031C0000-0x0000000003353000-memory.dmp	xmrig
behavioral1/memory/2616-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2616-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2616	d38263b5c2e49e2a7e96453a2afe1ea6.exe

Executes dropped EXE 1 IoCs

pid	Process
2616	d38263b5c2e49e2a7e96453a2afe1ea6.exe

Loads dropped DLL 1 IoCs

pid	Process
2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000c000000012352-10.dat	upx
behavioral1/memory/2616-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe
2616	d38263b5c2e49e2a7e96453a2afe1ea6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2616	2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe	29
PID 2952 wrote to memory of 2616	2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe	29
PID 2952 wrote to memory of 2616	2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe	29
PID 2952 wrote to memory of 2616	2952	d38263b5c2e49e2a7e96453a2afe1ea6.exe	29

C:\Users\Admin\AppData\Local\Temp\d38263b5c2e49e2a7e96453a2afe1ea6.exe
"C:\Users\Admin\AppData\Local\Temp\d38263b5c2e49e2a7e96453a2afe1ea6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\d38263b5c2e49e2a7e96453a2afe1ea6.exe
  C:\Users\Admin\AppData\Local\Temp\d38263b5c2e49e2a7e96453a2afe1ea6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\d38263b5c2e49e2a7e96453a2afe1ea6.exe

Filesize
784KB

MD5
1e3173eb2b6372861bf1b625f6849000

SHA1
9fdd10a9865d223f1ac6d8a69deca50e2ce74930

SHA256
cf2a0471b6113c294ea85eb187e16114afb54693efe21149f0c2dbd3cb5b515e

SHA512
ff6c5940c525da4f23832191a7c6e06663dfb4aecc0d621bf85c92ab0cf5023721ddff564c7839332869e6d4275bbbd8bb5e7c222b6515ae7469bb25dffa5a2f

Download Submit
memory/2616-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2616-18-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2616-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2616-27-0x00000000031C0000-0x0000000003353000-memory.dmp

Filesize
1.6MB

Download
memory/2616-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2616-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2952-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2952-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2952-4-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2952-15-0x00000000031D0000-0x00000000034E2000-memory.dmp

Filesize
3.1MB

Download
memory/2952-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download