xmrig | be1f20cdf4c0f40ddece8c69f8aa982802787f9b4054180372b643e1b1bd1c85

Analysis

max time kernel
17s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

be1f20cdf4c0f40ddece8c69f8aa982802787f9b4054180372b643e1b1bd1c85.exe
Size

2.1MB
MD5

170f4a0d5560185d2a4718207c1f2e00
SHA1

b860d3a33aec6a13fbba8f6d49018de3b92e756e
SHA256

be1f20cdf4c0f40ddece8c69f8aa982802787f9b4054180372b643e1b1bd1c85
SHA512

5970f9a76d5c19e90ca703ba3826be93fc4629e7872dd1a1b7ae5f28a0df6aecd02be23a5f4639b20bfe670fcddcb9d86c47ef98a575afb4d35149f8513048b6
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wISK9XIXkwa:BemTLkNdfE0pZrF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023221-20.dat	UPX
behavioral2/files/0x000700000002322c-68.dat	UPX
behavioral2/files/0x0007000000023237-132.dat	UPX
behavioral2/files/0x0007000000023244-191.dat	UPX

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral2/memory/3600-0-0x00007FF749050000-0x00007FF7493A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023221-20.dat	xmrig
behavioral2/files/0x000700000002322c-68.dat	xmrig
behavioral2/files/0x0007000000023237-132.dat	xmrig
behavioral2/files/0x0007000000023244-191.dat	xmrig
behavioral2/memory/1708-633-0x00007FF78A070000-0x00007FF78A3C4000-memory.dmp	xmrig
behavioral2/memory/3192-636-0x00007FF648D50000-0x00007FF6490A4000-memory.dmp	xmrig
behavioral2/memory/1544-638-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp	xmrig
behavioral2/memory/3340-641-0x00007FF72B7C0000-0x00007FF72BB14000-memory.dmp	xmrig
behavioral2/memory/4336-645-0x00007FF773CE0000-0x00007FF774034000-memory.dmp	xmrig
behavioral2/memory/1876-1524-0x00007FF6F61D0000-0x00007FF6F6524000-memory.dmp	xmrig
behavioral2/memory/744-1473-0x00007FF683B70000-0x00007FF683EC4000-memory.dmp	xmrig

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3600-0-0x00007FF749050000-0x00007FF7493A4000-memory.dmp	upx
behavioral2/files/0x0007000000023221-20.dat	upx
behavioral2/files/0x000700000002322c-68.dat	upx
behavioral2/files/0x0007000000023237-132.dat	upx
behavioral2/files/0x0007000000023244-191.dat	upx
behavioral2/memory/1708-633-0x00007FF78A070000-0x00007FF78A3C4000-memory.dmp	upx
behavioral2/memory/3192-636-0x00007FF648D50000-0x00007FF6490A4000-memory.dmp	upx
behavioral2/memory/1544-638-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp	upx
behavioral2/memory/3340-641-0x00007FF72B7C0000-0x00007FF72BB14000-memory.dmp	upx
behavioral2/memory/4336-645-0x00007FF773CE0000-0x00007FF774034000-memory.dmp	upx
behavioral2/memory/1876-1524-0x00007FF6F61D0000-0x00007FF6F6524000-memory.dmp	upx
behavioral2/memory/744-1473-0x00007FF683B70000-0x00007FF683EC4000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\be1f20cdf4c0f40ddece8c69f8aa982802787f9b4054180372b643e1b1bd1c85.exe
"C:\Users\Admin\AppData\Local\Temp\be1f20cdf4c0f40ddece8c69f8aa982802787f9b4054180372b643e1b1bd1c85.exe"
1⤵
PID:3600
- C:\Windows\System\nzuutyB.exe
  C:\Windows\System\nzuutyB.exe
  2⤵
  PID:2628
- C:\Windows\System\CkAhfsi.exe
  C:\Windows\System\CkAhfsi.exe
  2⤵
  PID:1512
- C:\Windows\System\nCsSTnw.exe
  C:\Windows\System\nCsSTnw.exe
  2⤵
  PID:4860
- C:\Windows\System\kyMfLyM.exe
  C:\Windows\System\kyMfLyM.exe
  2⤵
  PID:3472
- C:\Windows\System\ExGMnMF.exe
  C:\Windows\System\ExGMnMF.exe
  2⤵
  PID:2348
- C:\Windows\System\qKKwXPP.exe
  C:\Windows\System\qKKwXPP.exe
  2⤵
  PID:4404
- C:\Windows\System\ZemKRbS.exe
  C:\Windows\System\ZemKRbS.exe
  2⤵
  PID:2500
- C:\Windows\System\tDinuVm.exe
  C:\Windows\System\tDinuVm.exe
  2⤵
  PID:712
- C:\Windows\System\fuPpQrR.exe
  C:\Windows\System\fuPpQrR.exe
  2⤵
  PID:2400
- C:\Windows\System\VGFBwYg.exe
  C:\Windows\System\VGFBwYg.exe
  2⤵
  PID:2268
- C:\Windows\System\ZcRxiZi.exe
  C:\Windows\System\ZcRxiZi.exe
  2⤵
  PID:4304
- C:\Windows\System\oEnqgFe.exe
  C:\Windows\System\oEnqgFe.exe
  2⤵
  PID:3836
- C:\Windows\System\qJjrAIk.exe
  C:\Windows\System\qJjrAIk.exe
  2⤵
  PID:7116
- C:\Windows\System\pFoPFxo.exe
  C:\Windows\System\pFoPFxo.exe
  2⤵
  PID:7504
- C:\Windows\System\aHxAtiv.exe
  C:\Windows\System\aHxAtiv.exe
  2⤵
  PID:7520
- C:\Windows\System\VFpihpB.exe
  C:\Windows\System\VFpihpB.exe
  2⤵
  PID:10476
- C:\Windows\System\siOvyCx.exe
  C:\Windows\System\siOvyCx.exe
  2⤵
  PID:12624
- C:\Windows\System\tTbfkFj.exe
  C:\Windows\System\tTbfkFj.exe
  2⤵
  PID:6416
- C:\Windows\System\nKQNkCl.exe
  C:\Windows\System\nKQNkCl.exe
  2⤵
  PID:13988
- C:\Windows\System\OKRUsWl.exe
  C:\Windows\System\OKRUsWl.exe
  2⤵
  PID:14004
- C:\Windows\System\DvoTDEc.exe
  C:\Windows\System\DvoTDEc.exe
  2⤵
  PID:14024
- C:\Windows\System\pGXECLG.exe
  C:\Windows\System\pGXECLG.exe
  2⤵
  PID:14040
- C:\Windows\System\CDEmOAD.exe
  C:\Windows\System\CDEmOAD.exe
  2⤵
  PID:14060
- C:\Windows\System\zhwNgGg.exe
  C:\Windows\System\zhwNgGg.exe
  2⤵
  PID:14076
- C:\Windows\System\hCshgQR.exe
  C:\Windows\System\hCshgQR.exe
  2⤵
  PID:14092
- C:\Windows\System\pZwiBzk.exe
  C:\Windows\System\pZwiBzk.exe
  2⤵
  PID:14112
- C:\Windows\System\MkUhoEP.exe
  C:\Windows\System\MkUhoEP.exe
  2⤵
  PID:14128
- C:\Windows\System\Dytpult.exe
  C:\Windows\System\Dytpult.exe
  2⤵
  PID:14144
- C:\Windows\System\LgRYnAu.exe
  C:\Windows\System\LgRYnAu.exe
  2⤵
  PID:14164
- C:\Windows\System\kWzNkhD.exe
  C:\Windows\System\kWzNkhD.exe
  2⤵
  PID:14180
- C:\Windows\System\asXIntQ.exe
  C:\Windows\System\asXIntQ.exe
  2⤵
  PID:14200
- C:\Windows\System\vQEQXOC.exe
  C:\Windows\System\vQEQXOC.exe
  2⤵
  PID:14216
- C:\Windows\System\VsSdgkh.exe
  C:\Windows\System\VsSdgkh.exe
  2⤵
  PID:12600
- C:\Windows\System\cwezJJw.exe
  C:\Windows\System\cwezJJw.exe
  2⤵
  PID:7516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BlXSmmc.exe

Filesize
2.1MB

MD5
1f57363995a71f8806a52e5b1198c7b1

SHA1
e94035f89e5d71eac26310762a633ab477c83061

SHA256
d406226d948eeb29c2fdc783543f1d215b8966780f61f19cb9fc8a42ebad35f2

SHA512
cdb700f1c9452f2a3524a61ba2bd831f6ecc37b81c5c71bb840b5d7649c63be5a34bc0c51384d1651ee03f255cea38516e2e91956b3e73444a6a63a21f4e9d6a

Download Submit
C:\Windows\System\TICaerR.exe

Filesize
2.0MB

MD5
75d8ad6bd04d19e28dc65e3de3a04310

SHA1
521643bc00380ac3b5421f62ca80d1bb8f7adfe0

SHA256
0701d7d910a47d46410a57513b2e21d3cf286d5d53584e2e90e846a537100088

SHA512
0e75c7f0ae70d5f90070474d180d8f44bb03dd59d7a1b569b084261c5d07054b599b299b89f9af209dbaa084c81cdec30a04a1eee57030261bce21318a6d8f34

Download Submit
C:\Windows\System\ZemKRbS.exe

Filesize
1.8MB

MD5
a4d9d94cb3c4f57a1d643c77116f3627

SHA1
d7c89f254bc76d6fb9bb23748d71e2f54c4a4191

SHA256
35848d2eb57e120adb20a6171c63ede010632a0c2ce117bfa9fbf6be2c2b7781

SHA512
9e58bfd802b3c7fe4d90b623666632d8f3961f505fab3dd8597ae2af51195c423016be6a4627a74f6980ee4e49f9aa48168217afa03be90c0c47ebf07f1f91a2

Download Submit
C:\Windows\System\fHLMeYf.exe

Filesize
1.4MB

MD5
1f06fce3af22a65ef5b2635f52d088c3

SHA1
84f44bc82889b9f54baf504bedbd4204dc5a981d

SHA256
371798fc53dbfb5963ba95ba4967571909995063b9eff1e6314533b20e574745

SHA512
a990dc6f2435079a0cf1fd8864a26fe7cc8666b2ce869d2411acc757cbfc60476873cf2d02886de20dd089f253e486a216f69899336556e63e8ebeeea812fa0d

Download Submit
memory/744-1473-0x00007FF683B70000-0x00007FF683EC4000-memory.dmp

Filesize
3.3MB

Download
memory/1544-638-0x00007FF6DD510000-0x00007FF6DD864000-memory.dmp

Filesize
3.3MB

Download
memory/1708-633-0x00007FF78A070000-0x00007FF78A3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1524-0x00007FF6F61D0000-0x00007FF6F6524000-memory.dmp

Filesize
3.3MB

Download
memory/3192-636-0x00007FF648D50000-0x00007FF6490A4000-memory.dmp

Filesize
3.3MB

Download
memory/3340-641-0x00007FF72B7C0000-0x00007FF72BB14000-memory.dmp

Filesize
3.3MB

Download
memory/3600-0-0x00007FF749050000-0x00007FF7493A4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-1-0x000001D137890000-0x000001D1378A0000-memory.dmp

Filesize
64KB

Download
memory/4336-645-0x00007FF773CE0000-0x00007FF774034000-memory.dmp

Filesize
3.3MB

Download