xmrig | a2a871c4ee6c575c0a316a8d5917c574e99a660ffc0433ade828c05bba1812aa

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0cbacfe30a08761ef16a1660b411a0d.exe
Size

784KB
MD5

e0cbacfe30a08761ef16a1660b411a0d
SHA1

839745ae83bdc8e554043291b9e2a6aa43c5f5af
SHA256

a2a871c4ee6c575c0a316a8d5917c574e99a660ffc0433ade828c05bba1812aa
SHA512

0f88daed83c4eaf2b4208138dece42e39d99a648e974e558dea6e2e47dd9a94bc0138112d8e94db42ddc9bb62bd837069bd602139660a242fe344779eb8a424b
SSDEEP

24576:49w9WQJ4qZhinGb1+eJrgvNd240ugxECW:SwUQJ4MOGb0dV0+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/2920-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2920-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4980-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4980-20-0x0000000005320000-0x00000000054B3000-memory.dmp	xmrig
behavioral2/memory/4980-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4980-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/4980-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4980	e0cbacfe30a08761ef16a1660b411a0d.exe

Executes dropped EXE 1 IoCs

pid	Process
4980	e0cbacfe30a08761ef16a1660b411a0d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2920-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x00080000000231ff-11.dat	upx
behavioral2/memory/4980-12-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2920	e0cbacfe30a08761ef16a1660b411a0d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2920	e0cbacfe30a08761ef16a1660b411a0d.exe
4980	e0cbacfe30a08761ef16a1660b411a0d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 4980	2920	e0cbacfe30a08761ef16a1660b411a0d.exe	92
PID 2920 wrote to memory of 4980	2920	e0cbacfe30a08761ef16a1660b411a0d.exe	92
PID 2920 wrote to memory of 4980	2920	e0cbacfe30a08761ef16a1660b411a0d.exe	92

C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
"C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
  C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e0cbacfe30a08761ef16a1660b411a0d.exe

Filesize
784KB

MD5
a306cd9d5a1690abe33f399f4661bf58

SHA1
0c716d2c6d2225dfadb8a4fb004546ec2fe45fea

SHA256
bf34d14fcc8704d05a63dac4ab36143fd3541335be07c620baa08a83f61849a3

SHA512
83c4c70701df4d661f37c7ab02e59ddc3d69a03243e9d9f0262e3e3d651552d17165a1528427084e26e8600b5d202636f6c88d61735bcf8d2df32e59646afb61

Download Submit
memory/2920-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2920-1-0x00000000018D0000-0x0000000001994000-memory.dmp

Filesize
784KB

Download
memory/2920-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2920-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4980-12-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4980-14-0x0000000001AB0000-0x0000000001B74000-memory.dmp

Filesize
784KB

Download
memory/4980-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4980-20-0x0000000005320000-0x00000000054B3000-memory.dmp

Filesize
1.6MB

Download
memory/4980-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4980-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/4980-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download