xmrig | a2635c452d0d76f137a73a174e5fb69563753df09287006116578591824f9c87

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e12df8575bb9020132168fff43ef944c.exe
Size

784KB
MD5

e12df8575bb9020132168fff43ef944c
SHA1

ef45f086c51045ca528e80c0cf6d6be7d4b2d29a
SHA256

a2635c452d0d76f137a73a174e5fb69563753df09287006116578591824f9c87
SHA512

e726a3f4a726fd4f92cbf991988e93dad0406f52cf23e50eb1d2e661d74a196f07e347c5145aca451bbcbec8cb574df1c4dd6d7dce35d1fe42b6aea70d81ea9d
SSDEEP

12288:n1AloMXbMjso8ur6qIdX6e0l7Em2/yhgks5SmzDQjymHHAiF:nqeMwQqIdX6e0lGv2mz0jymn9F

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral1/memory/612-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/612-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1724-18-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1724-25-0x0000000003150000-0x00000000032E3000-memory.dmp	xmrig
behavioral1/memory/1724-24-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/1724-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1724	e12df8575bb9020132168fff43ef944c.exe

Executes dropped EXE 1 IoCs

pid	Process
1724	e12df8575bb9020132168fff43ef944c.exe

Loads dropped DLL 1 IoCs

pid	Process
612	e12df8575bb9020132168fff43ef944c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/612-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-10.dat	upx
behavioral1/memory/612-15-0x0000000003250000-0x0000000003562000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-16.dat	upx
behavioral1/memory/1724-17-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
612	e12df8575bb9020132168fff43ef944c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
612	e12df8575bb9020132168fff43ef944c.exe
1724	e12df8575bb9020132168fff43ef944c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 1724	612	e12df8575bb9020132168fff43ef944c.exe	29
PID 612 wrote to memory of 1724	612	e12df8575bb9020132168fff43ef944c.exe	29
PID 612 wrote to memory of 1724	612	e12df8575bb9020132168fff43ef944c.exe	29
PID 612 wrote to memory of 1724	612	e12df8575bb9020132168fff43ef944c.exe	29

C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
"C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:612
- C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
  C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe

Filesize
639KB

MD5
5f2c9eba0193f0110da4208bd4c94cd1

SHA1
f83e1be723c270950e1e7c54a0ca3eabc02aa6fc

SHA256
6f50864bc23537ba63ba27dda6ed56f6987daca5425dce29f3fe7c0d7747aad2

SHA512
68533fbabde42eb8b28a1e5b74a8696bf3d3be3b38c0ea5b43fa601b4bc19bd6f8a5b5f4f6243e8ea393dd207a11dabc2ab61c034fc5da698a7a68c4448d6c85

Download Submit
\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe

Filesize
400KB

MD5
c2cd98ed7da24425ae79762fa42c92c4

SHA1
20fe68c14bc92147a78c77fb221876496856dfc4

SHA256
5581b8f1239f008ebe93cabe80e8ca8cb4477856bac3a7b8d557db014837978c

SHA512
b2fd785831eb6261fda9ef2e1efd96689d9fc9d1452f4880433bb617c6e28033947bd2df12049bbd0ac3a6b60a58a0094116cb995202faf099f9204f6061d99b

Download Submit
memory/612-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/612-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/612-15-0x0000000003250000-0x0000000003562000-memory.dmp

Filesize
3.1MB

Download
memory/612-2-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/612-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1724-17-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1724-19-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/1724-18-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1724-25-0x0000000003150000-0x00000000032E3000-memory.dmp

Filesize
1.6MB

Download
memory/1724-24-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/1724-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download