xmrig | 18d809596459e3b242ff275e998861530191823c74b745c1253f77a066920edb

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 22:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e040d45796390932fac7315ffbc6b968.exe
Size

1.5MB
MD5

e040d45796390932fac7315ffbc6b968
SHA1

5ac2a833522e0fdc48f5c1ae9326f5480640af08
SHA256

18d809596459e3b242ff275e998861530191823c74b745c1253f77a066920edb
SHA512

baaec34aeb3749c050cb0b37975f98e7bfe9759053b15dffa4c97030528a95d3c54ef2a5f3e2c940857269eb0da38c38d4383c71967e7a5cd044ce5409819ab3
SSDEEP

49152:spSIM1vUpdEqa9G6YW1PYfq53cyF9hUOX:/IULHY6peQ3cyaO

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/2820-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2820-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2540-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2540-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2540-27-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/2540-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2540	e040d45796390932fac7315ffbc6b968.exe

Executes dropped EXE 1 IoCs

pid	Process
2540	e040d45796390932fac7315ffbc6b968.exe

Loads dropped DLL 1 IoCs

pid	Process
2820	e040d45796390932fac7315ffbc6b968.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000a000000013a21-10.dat	upx
behavioral1/memory/2820-15-0x0000000003380000-0x0000000003692000-memory.dmp	upx
behavioral1/memory/2540-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2820	e040d45796390932fac7315ffbc6b968.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2820	e040d45796390932fac7315ffbc6b968.exe
2540	e040d45796390932fac7315ffbc6b968.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2540	2820	e040d45796390932fac7315ffbc6b968.exe	29
PID 2820 wrote to memory of 2540	2820	e040d45796390932fac7315ffbc6b968.exe	29
PID 2820 wrote to memory of 2540	2820	e040d45796390932fac7315ffbc6b968.exe	29
PID 2820 wrote to memory of 2540	2820	e040d45796390932fac7315ffbc6b968.exe	29

C:\Users\Admin\AppData\Local\Temp\e040d45796390932fac7315ffbc6b968.exe
"C:\Users\Admin\AppData\Local\Temp\e040d45796390932fac7315ffbc6b968.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\e040d45796390932fac7315ffbc6b968.exe
  C:\Users\Admin\AppData\Local\Temp\e040d45796390932fac7315ffbc6b968.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\e040d45796390932fac7315ffbc6b968.exe

Filesize
784KB

MD5
2d4d056f8c3229a3fdc31740a83f7f81

SHA1
85ea53ecf58a8ff1f76045a6f6d563368b7a1b0b

SHA256
b5092c8eebf43334fc86f760269bd6c402287f6ea261d19f171f7f00a1e71189

SHA512
4f288f993e1a6c2518a791e5512960387d1a604faf09064b3ca0ec74d8aeebdb3400f70675c09aff3fc5e2cae99ed8b05002576f2f11c6d2d88c62e59718aa52

Download Submit
memory/2540-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2540-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2540-20-0x0000000000210000-0x00000000002D4000-memory.dmp

Filesize
784KB

Download
memory/2540-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2540-27-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/2540-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2820-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2820-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2820-4-0x0000000000300000-0x00000000003C4000-memory.dmp

Filesize
784KB

Download
memory/2820-15-0x0000000003380000-0x0000000003692000-memory.dmp

Filesize
3.1MB

Download
memory/2820-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download