xmrig | a2635c452d0d76f137a73a174e5fb69563753df09287006116578591824f9c87

Analysis

max time kernel
152s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e12df8575bb9020132168fff43ef944c.exe
Size

784KB
MD5

e12df8575bb9020132168fff43ef944c
SHA1

ef45f086c51045ca528e80c0cf6d6be7d4b2d29a
SHA256

a2635c452d0d76f137a73a174e5fb69563753df09287006116578591824f9c87
SHA512

e726a3f4a726fd4f92cbf991988e93dad0406f52cf23e50eb1d2e661d74a196f07e347c5145aca451bbcbec8cb574df1c4dd6d7dce35d1fe42b6aea70d81ea9d
SSDEEP

12288:n1AloMXbMjso8ur6qIdX6e0l7Em2/yhgks5SmzDQjymHHAiF:nqeMwQqIdX6e0lGv2mz0jymn9F

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/708-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/708-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3580-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3580-20-0x0000000005410000-0x00000000055A3000-memory.dmp	xmrig
behavioral2/memory/3580-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/3580-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
3580	e12df8575bb9020132168fff43ef944c.exe

Executes dropped EXE 1 IoCs

pid	Process
3580	e12df8575bb9020132168fff43ef944c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/708-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0007000000023246-11.dat	upx
behavioral2/memory/3580-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
708	e12df8575bb9020132168fff43ef944c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
708	e12df8575bb9020132168fff43ef944c.exe
3580	e12df8575bb9020132168fff43ef944c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 708 wrote to memory of 3580	708	e12df8575bb9020132168fff43ef944c.exe	99
PID 708 wrote to memory of 3580	708	e12df8575bb9020132168fff43ef944c.exe	99
PID 708 wrote to memory of 3580	708	e12df8575bb9020132168fff43ef944c.exe	99

C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
"C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:708
- C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
  C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e12df8575bb9020132168fff43ef944c.exe

Filesize
784KB

MD5
c878113e21f46a79b9b79a2897d227b1

SHA1
83c3437de885f49b100f935b30c8876bd07f0405

SHA256
8f62d20bcb3966a87dab8283f037c4715193feb49a38eb0035364274f63132f3

SHA512
446e07fa09aee6cec4f0b16ec78313055cd9cd59078ed30a6999f9b8e946f56694fea75531a209bde866dce8b63954c68d558cce48be58c5277dd7e0b52ea259

Download Submit
memory/708-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/708-1-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/708-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/708-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3580-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3580-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3580-14-0x00000000018F0000-0x00000000019B4000-memory.dmp

Filesize
784KB

Download
memory/3580-20-0x0000000005410000-0x00000000055A3000-memory.dmp

Filesize
1.6MB

Download
memory/3580-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/3580-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download