xmrig | a2a871c4ee6c575c0a316a8d5917c574e99a660ffc0433ade828c05bba1812aa

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-03-2024 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0cbacfe30a08761ef16a1660b411a0d.exe
Size

784KB
MD5

e0cbacfe30a08761ef16a1660b411a0d
SHA1

839745ae83bdc8e554043291b9e2a6aa43c5f5af
SHA256

a2a871c4ee6c575c0a316a8d5917c574e99a660ffc0433ade828c05bba1812aa
SHA512

0f88daed83c4eaf2b4208138dece42e39d99a648e974e558dea6e2e47dd9a94bc0138112d8e94db42ddc9bb62bd837069bd602139660a242fe344779eb8a424b
SSDEEP

24576:49w9WQJ4qZhinGb1+eJrgvNd240ugxECW:SwUQJ4MOGb0dV0+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 8 IoCs

miner

resource	yara_rule
behavioral1/memory/2336-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2336-15-0x00000000032C0000-0x00000000035D2000-memory.dmp	xmrig
behavioral1/memory/2336-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1844-19-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1844-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1844-25-0x0000000003040000-0x00000000031D3000-memory.dmp	xmrig
behavioral1/memory/1844-34-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/1844-35-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1844	e0cbacfe30a08761ef16a1660b411a0d.exe

Executes dropped EXE 1 IoCs

pid	Process
1844	e0cbacfe30a08761ef16a1660b411a0d.exe

Loads dropped DLL 1 IoCs

pid	Process
2336	e0cbacfe30a08761ef16a1660b411a0d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2336-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000800000001227d-16.dat	upx
behavioral1/memory/1844-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2336	e0cbacfe30a08761ef16a1660b411a0d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2336	e0cbacfe30a08761ef16a1660b411a0d.exe
1844	e0cbacfe30a08761ef16a1660b411a0d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1844	2336	e0cbacfe30a08761ef16a1660b411a0d.exe	29
PID 2336 wrote to memory of 1844	2336	e0cbacfe30a08761ef16a1660b411a0d.exe	29
PID 2336 wrote to memory of 1844	2336	e0cbacfe30a08761ef16a1660b411a0d.exe	29
PID 2336 wrote to memory of 1844	2336	e0cbacfe30a08761ef16a1660b411a0d.exe	29

C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
"C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
  C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe

Filesize
784KB

MD5
c6518713a26605cd6929cd511aeed684

SHA1
8b4d4c4d426d2e107471f8cb77cd7e3129b7ba90

SHA256
8012b4c42635fbf1e6451015e096ebb9d38a633e58ec18cb0039e6bab0ab1809

SHA512
fd12d0ac0ab7c93a6025f0e286a83d4f5bb38d657d6613f2663ae586d38ab3eed496ba0aa538966387131593deac62f4ccf8f598dec20990225a2c1349d90db4

Download Submit
memory/1844-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1844-19-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1844-18-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/1844-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1844-25-0x0000000003040000-0x00000000031D3000-memory.dmp

Filesize
1.6MB

Download
memory/1844-34-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/1844-35-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2336-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2336-2-0x00000000018B0000-0x0000000001974000-memory.dmp

Filesize
784KB

Download
memory/2336-15-0x00000000032C0000-0x00000000035D2000-memory.dmp

Filesize
3.1MB

Download
memory/2336-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2336-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download