xmrig | 8ad18e190e880579c8d2ff13d7030ca36c9ba45d947077f759c584fe37025c87

General

Target

8ad18e190e880579c8d2ff13d7030ca36c9ba45d947077f759c584fe37025c87.exe
Size

2.1MB
MD5

3d5c814a79506381e6f9ed48d1b60654
SHA1

785d58ccc9d5b6c0edaec139f110a8e18e7225f1
SHA256

8ad18e190e880579c8d2ff13d7030ca36c9ba45d947077f759c584fe37025c87
SHA512

195fd2600c0047fec1fb2dcf7a03decbb1a8fdadec6b95a78e5f3cf0858aa4ce71bfafe8c6367f99143ad8d11d6ac924873ca8d0d1977d266aa11b9250a7143c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9XIXkq+xk:BemTLkNdfE0pZrw

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
behavioral2/files/0x000700000002301d-6.dat	UPX
behavioral2/files/0x00070000000231dc-20.dat	UPX

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/4652-0-0x00007FF748790000-0x00007FF748AE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002301d-6.dat	xmrig
behavioral2/files/0x00070000000231dc-20.dat	xmrig
behavioral2/memory/1232-74-0x00007FF7109C0000-0x00007FF710D14000-memory.dmp	xmrig
behavioral2/files/0x00070000000231ee-98.dat	xmrig
behavioral2/files/0x00070000000231ef-99.dat	xmrig
behavioral2/files/0x00070000000231f4-137.dat	xmrig

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4652-0-0x00007FF748790000-0x00007FF748AE4000-memory.dmp	upx
behavioral2/files/0x000700000002301d-6.dat	upx
behavioral2/files/0x00070000000231dc-20.dat	upx
behavioral2/memory/1232-74-0x00007FF7109C0000-0x00007FF710D14000-memory.dmp	upx
behavioral2/files/0x00070000000231ee-98.dat	upx
behavioral2/files/0x00070000000231ef-99.dat	upx
behavioral2/files/0x00070000000231f4-137.dat	upx
behavioral2/memory/3772-186-0x00007FF6C8330000-0x00007FF6C8684000-memory.dmp	upx
behavioral2/memory/224-639-0x00007FF715780000-0x00007FF715AD4000-memory.dmp	upx
behavioral2/memory/1564-642-0x00007FF670010000-0x00007FF670364000-memory.dmp	upx
behavioral2/memory/3940-646-0x00007FF63C9D0000-0x00007FF63CD24000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\8ad18e190e880579c8d2ff13d7030ca36c9ba45d947077f759c584fe37025c87.exe
"C:\Users\Admin\AppData\Local\Temp\8ad18e190e880579c8d2ff13d7030ca36c9ba45d947077f759c584fe37025c87.exe"
1⤵
PID:4652
- C:\Windows\System\uYMwdIu.exe
  C:\Windows\System\uYMwdIu.exe
  2⤵
  PID:408
- C:\Windows\System\NtxjEpI.exe
  C:\Windows\System\NtxjEpI.exe
  2⤵
  PID:1232
- C:\Windows\System\sOhiHRy.exe
  C:\Windows\System\sOhiHRy.exe
  2⤵
  PID:4860
- C:\Windows\System\HVXdxsv.exe
  C:\Windows\System\HVXdxsv.exe
  2⤵
  PID:3828
- C:\Windows\System\yqGnWzV.exe
  C:\Windows\System\yqGnWzV.exe
  2⤵
  PID:5068
- C:\Windows\System\lGdvTLo.exe
  C:\Windows\System\lGdvTLo.exe
  2⤵
  PID:3968
- C:\Windows\System\wAAeyzh.exe
  C:\Windows\System\wAAeyzh.exe
  2⤵
  PID:5632
- C:\Windows\System\kqTpAlj.exe
  C:\Windows\System\kqTpAlj.exe
  2⤵
  PID:6212
- C:\Windows\System\vmmmUav.exe
  C:\Windows\System\vmmmUav.exe
  2⤵
  PID:7204
- C:\Windows\System\EkgvSTX.exe
  C:\Windows\System\EkgvSTX.exe
  2⤵
  PID:7392
- C:\Windows\System\JxnCiLm.exe
  C:\Windows\System\JxnCiLm.exe
  2⤵
  PID:7412
- C:\Windows\System\PnOjYTB.exe
  C:\Windows\System\PnOjYTB.exe
  2⤵
  PID:9236
- C:\Windows\System\lDlzAcP.exe
  C:\Windows\System\lDlzAcP.exe
  2⤵
  PID:11532
- C:\Windows\System\tNoOXOO.exe
  C:\Windows\System\tNoOXOO.exe
  2⤵
  PID:11548
- C:\Windows\System\hOwJqKK.exe
  C:\Windows\System\hOwJqKK.exe
  2⤵
  PID:13780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DveZoiC.exe

Filesize
960KB

MD5
180ec18cff675908ea09fb02b8edeae7

SHA1
908a0fde6e66598e819044f800d2fb12a2c2d5e4

SHA256
35e0571c2720559fc2e392ef1ac01a4890a7f5a52de790fe0560ba1ddb8b0978

SHA512
f4efca4f8c80307ac309f06271cca1b553bd93330b442aaa71749f3ce5f3d47dab778dbee66162c088762bb8f4726a65ed8e5313f9bd8da09d951b910b9f8e49

Download Submit
C:\Windows\System\HVXdxsv.exe

Filesize
832KB

MD5
fe23d8f2a683ea3c37e211db5c47c198

SHA1
c8d98757080f758fa71fe2947f967f4c2ba26b77

SHA256
e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

SHA512
ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

Download Submit
C:\Windows\System\MyOFnnC.exe

Filesize
1.6MB

MD5
77efd040a9ea34bee863950e3be566f2

SHA1
2406862911b876c1b7f1e0cebd8d92fa67fc33de

SHA256
3322497c878b28c1e663f5c0a9d383a1b8ccc169f51d77a087193bea374c54e3

SHA512
dd136d90b8b85900b87952fce28b5811607a123d1d53b7e19957b59eb3e8d8bff733bbb52e7b5bd7226cd4c2a1f50c6a4572a459f8408961a64a2e721e044aff

Download Submit
C:\Windows\System\lGdvTLo.exe

Filesize
704KB

MD5
27f1ae58c0e7ea96c463a8f0329d13e3

SHA1
a5352f33f2a7ec676e07aa36bd587f2a910b1502

SHA256
570ef729e78067f9e824a09ee84a0b44c24671dfe07947eaca970f453f235334

SHA512
51c2e61154a9cf7b8c51728bee23d084e40467a64fc74544ed07917de5c42cd2c4f093dc4dba57e475be140334b7f9d2f8c2784d353f9bec4fe5fc6098f5ad70

Download Submit
C:\Windows\System\uYMwdIu.exe

Filesize
2.1MB

MD5
c659dbc0b3fe9aceaab7ff72192f78f7

SHA1
fd704dfe0525411a892fa18abcab3d5bb3100660

SHA256
a0a2fca61bbac3f4f74d0a887b6d9a2432f7fcd26b47036c251d228c34335b45

SHA512
b8e7aba0c80fa68442367cd90531af1f004218bb58fb13168620712d84d267fc87221a3e51e5c5da562ac0c38d5692b8fa36e35fd5f54fb74cfef48a9e88997a

Download Submit
memory/224-639-0x00007FF715780000-0x00007FF715AD4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-74-0x00007FF7109C0000-0x00007FF710D14000-memory.dmp

Filesize
3.3MB

Download
memory/1564-642-0x00007FF670010000-0x00007FF670364000-memory.dmp

Filesize
3.3MB

Download
memory/3772-186-0x00007FF6C8330000-0x00007FF6C8684000-memory.dmp

Filesize
3.3MB

Download
memory/3940-646-0x00007FF63C9D0000-0x00007FF63CD24000-memory.dmp

Filesize
3.3MB

Download
memory/4652-0-0x00007FF748790000-0x00007FF748AE4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing