xmrig | 0f3278a69c3d6f14468b30ce95bcb0524f7a7fc25aebe83bce835f8649e97727

Analysis

max time kernel
120s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe
Size

1.5MB
MD5

f12306d2d21f77e1491927e514936c87
SHA1

05dbde63414e2ba0a9ec99629faa018688a4f13a
SHA256

0f3278a69c3d6f14468b30ce95bcb0524f7a7fc25aebe83bce835f8649e97727
SHA512

fd00dcc9bf741ded60b4cc3ffc2e3eb90599f6da2b8ce4e4d29fba543cc81775c6c0923e8ef1afed965ad4c8b1b87c9ef3f93f853ba5cea5be683c2d1209deff
SSDEEP

49152:MBe4nF98nBrA1BfTm5SpeNA3mV/vbYJ11:MBhrwBr01C5MgqmBT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/2128-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2128-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4704-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4704-20-0x0000000005430000-0x00000000055C3000-memory.dmp	xmrig
behavioral2/memory/4704-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4704-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4704	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4704	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2128-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0008000000023485-11.dat	upx
behavioral2/memory/4704-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe
4704	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 4704	2128	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe	89
PID 2128 wrote to memory of 4704	2128	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe	89
PID 2128 wrote to memory of 4704	2128	f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe	89

C:\Users\Admin\AppData\Local\Temp\f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f12306d2d21f77e1491927e514936c87_JaffaCakes118.exe

Filesize
784KB

MD5
292fb666f30e05b36eab36f915888ae3

SHA1
2f69500f702030d94665e5739c190b3eca5b7a5b

SHA256
abb2d74ccae7290058ca5f435e059a17959c7f1fd9c39ffe865e622bf4662598

SHA512
7e36c8ab2a46d7aeb19ac49070e1b985158d40f5089a2e7b5ef8db793df7aba832ffd543947c6346289b85b130a89bedf291825db9c3d6b9e6a43e56b1d1da1e

Download Submit
memory/2128-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2128-1-0x0000000001A30000-0x0000000001AF4000-memory.dmp

Filesize
784KB

Download
memory/2128-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2128-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4704-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4704-15-0x0000000001910000-0x00000000019D4000-memory.dmp

Filesize
784KB

Download
memory/4704-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4704-20-0x0000000005430000-0x00000000055C3000-memory.dmp

Filesize
1.6MB

Download
memory/4704-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4704-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download