xmrig | 62e4ba93ca4a16dc959e6b611c78de6c40d8816e3475139747d146b1dab7d44d

Analysis

max time kernel
18s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 22:52

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

62e4ba93ca4a16dc959e6b611c78de6c40d8816e3475139747d146b1dab7d44d.exe
Size

2.2MB
MD5

de15461b9c16eea16c893027e2ce7ef5
SHA1

c915179c9c530571b649fa1eb1d81865151ca00a
SHA256

62e4ba93ca4a16dc959e6b611c78de6c40d8816e3475139747d146b1dab7d44d
SHA512

a8449bd75f50195db05c1c236a58983c7e8a47f7cb60c4648cb5d529b022459122ef4da5b540ccde8045ca4b35f3489b2ed55fd5fd226583f13a9a893fa30120
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIX+MLqOBLXBzhRn2PDs0IU:BemTLkNdfE0pZrM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 3 IoCs

resource	yara_rule
behavioral2/memory/1408-0-0x00007FF7E4AE0000-0x00007FF7E4E34000-memory.dmp	UPX
behavioral2/files/0x00080000000233f5-20.dat	UPX
behavioral2/files/0x0007000000023403-157.dat	UPX

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/1408-0-0x00007FF7E4AE0000-0x00007FF7E4E34000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f5-20.dat	xmrig
behavioral2/files/0x0007000000023403-157.dat	xmrig
behavioral2/files/0x000700000002340d-199.dat	xmrig
behavioral2/memory/4276-408-0x00007FF6BD6C0000-0x00007FF6BDA14000-memory.dmp	xmrig
behavioral2/memory/1168-410-0x00007FF7105B0000-0x00007FF710904000-memory.dmp	xmrig

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1408-0-0x00007FF7E4AE0000-0x00007FF7E4E34000-memory.dmp	upx
behavioral2/files/0x00080000000233f5-20.dat	upx
behavioral2/files/0x0007000000023403-157.dat	upx
behavioral2/files/0x000700000002340d-199.dat	upx
behavioral2/memory/4276-408-0x00007FF6BD6C0000-0x00007FF6BDA14000-memory.dmp	upx
behavioral2/memory/1168-410-0x00007FF7105B0000-0x00007FF710904000-memory.dmp	upx
behavioral2/memory/4540-466-0x00007FF79B650000-0x00007FF79B9A4000-memory.dmp	upx
behavioral2/memory/4728-553-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp	upx
behavioral2/memory/2500-691-0x00007FF76DD40000-0x00007FF76E094000-memory.dmp	upx
behavioral2/memory/4088-832-0x00007FF78C980000-0x00007FF78CCD4000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\62e4ba93ca4a16dc959e6b611c78de6c40d8816e3475139747d146b1dab7d44d.exe
"C:\Users\Admin\AppData\Local\Temp\62e4ba93ca4a16dc959e6b611c78de6c40d8816e3475139747d146b1dab7d44d.exe"
1⤵
PID:1408
- C:\Windows\System\RDlriEL.exe
  C:\Windows\System\RDlriEL.exe
  2⤵
  PID:2936
- C:\Windows\System\kjZGEWn.exe
  C:\Windows\System\kjZGEWn.exe
  2⤵
  PID:2116
- C:\Windows\System\CVtMiQE.exe
  C:\Windows\System\CVtMiQE.exe
  2⤵
  PID:556
- C:\Windows\System\joANfrt.exe
  C:\Windows\System\joANfrt.exe
  2⤵
  PID:5000
- C:\Windows\System\nmueVwL.exe
  C:\Windows\System\nmueVwL.exe
  2⤵
  PID:3556
- C:\Windows\System\crZnYPN.exe
  C:\Windows\System\crZnYPN.exe
  2⤵
  PID:2488
- C:\Windows\System\ylthYAr.exe
  C:\Windows\System\ylthYAr.exe
  2⤵
  PID:412
- C:\Windows\System\LuYvWQv.exe
  C:\Windows\System\LuYvWQv.exe
  2⤵
  PID:1336
- C:\Windows\System\WLgnJIC.exe
  C:\Windows\System\WLgnJIC.exe
  2⤵
  PID:1588
- C:\Windows\System\nhNtNGW.exe
  C:\Windows\System\nhNtNGW.exe
  2⤵
  PID:1360
- C:\Windows\System\yrggGkX.exe
  C:\Windows\System\yrggGkX.exe
  2⤵
  PID:6336
- C:\Windows\System\InaYbrf.exe
  C:\Windows\System\InaYbrf.exe
  2⤵
  PID:7616
- C:\Windows\System\CBrWXYA.exe
  C:\Windows\System\CBrWXYA.exe
  2⤵
  PID:8896
- C:\Windows\System\npeETyn.exe
  C:\Windows\System\npeETyn.exe
  2⤵
  PID:8912
- C:\Windows\System\GaHAyUM.exe
  C:\Windows\System\GaHAyUM.exe
  2⤵
  PID:7212
- C:\Windows\System\xNMhPrr.exe
  C:\Windows\System\xNMhPrr.exe
  2⤵
  PID:11276
- C:\Windows\System\eAvHaCI.exe
  C:\Windows\System\eAvHaCI.exe
  2⤵
  PID:9296
- C:\Windows\System\QGfqtyf.exe
  C:\Windows\System\QGfqtyf.exe
  2⤵
  PID:9408
- C:\Windows\System\aoqiqWA.exe
  C:\Windows\System\aoqiqWA.exe
  2⤵
  PID:9528
- C:\Windows\System\WXHFBSM.exe
  C:\Windows\System\WXHFBSM.exe
  2⤵
  PID:9696
- C:\Windows\System\KrqSZtg.exe
  C:\Windows\System\KrqSZtg.exe
  2⤵
  PID:9800
- C:\Windows\System\AxzWPZq.exe
  C:\Windows\System\AxzWPZq.exe
  2⤵
  PID:9784
- C:\Windows\System\AabbBZr.exe
  C:\Windows\System\AabbBZr.exe
  2⤵
  PID:9964
- C:\Windows\System\GbbydAu.exe
  C:\Windows\System\GbbydAu.exe
  2⤵
  PID:12292
- C:\Windows\System\XCzaEjc.exe
  C:\Windows\System\XCzaEjc.exe
  2⤵
  PID:12308
- C:\Windows\System\MCXmMzf.exe
  C:\Windows\System\MCXmMzf.exe
  2⤵
  PID:12324
- C:\Windows\System\jaqAdiZ.exe
  C:\Windows\System\jaqAdiZ.exe
  2⤵
  PID:12348
- C:\Windows\System\EnDCfXS.exe
  C:\Windows\System\EnDCfXS.exe
  2⤵
  PID:12364
- C:\Windows\System\iPCtAGb.exe
  C:\Windows\System\iPCtAGb.exe
  2⤵
  PID:12388
- C:\Windows\System\CncguJd.exe
  C:\Windows\System\CncguJd.exe
  2⤵
  PID:12408
- C:\Windows\System\kShFoge.exe
  C:\Windows\System\kShFoge.exe
  2⤵
  PID:12424
- C:\Windows\System\rOMOLFd.exe
  C:\Windows\System\rOMOLFd.exe
  2⤵
  PID:12440
- C:\Windows\System\NSqDQCz.exe
  C:\Windows\System\NSqDQCz.exe
  2⤵
  PID:12468
- C:\Windows\System\bctWtHN.exe
  C:\Windows\System\bctWtHN.exe
  2⤵
  PID:12484
- C:\Windows\System\aiSXWAf.exe
  C:\Windows\System\aiSXWAf.exe
  2⤵
  PID:12512
- C:\Windows\System\REiYOAb.exe
  C:\Windows\System\REiYOAb.exe
  2⤵
  PID:12528
- C:\Windows\System\cJosatp.exe
  C:\Windows\System\cJosatp.exe
  2⤵
  PID:12552
- C:\Windows\System\tYjHbuu.exe
  C:\Windows\System\tYjHbuu.exe
  2⤵
  PID:12568
- C:\Windows\System\TFLenLE.exe
  C:\Windows\System\TFLenLE.exe
  2⤵
  PID:12584
- C:\Windows\System\QUptNNp.exe
  C:\Windows\System\QUptNNp.exe
  2⤵
  PID:12600
- C:\Windows\System\oZvVjgA.exe
  C:\Windows\System\oZvVjgA.exe
  2⤵
  PID:12620
- C:\Windows\System\dSDVJjM.exe
  C:\Windows\System\dSDVJjM.exe
  2⤵
  PID:12644
- C:\Windows\System\buWwVWn.exe
  C:\Windows\System\buWwVWn.exe
  2⤵
  PID:12668
- C:\Windows\System\nkPzPkW.exe
  C:\Windows\System\nkPzPkW.exe
  2⤵
  PID:12684
- C:\Windows\System\txtxhiM.exe
  C:\Windows\System\txtxhiM.exe
  2⤵
  PID:12708
- C:\Windows\System\LRFAKGK.exe
  C:\Windows\System\LRFAKGK.exe
  2⤵
  PID:10580
- C:\Windows\System\IIqBtje.exe
  C:\Windows\System\IIqBtje.exe
  2⤵
  PID:8996
- C:\Windows\System\JSFnIqd.exe
  C:\Windows\System\JSFnIqd.exe
  2⤵
  PID:9028
- C:\Windows\System\uEeBNEH.exe
  C:\Windows\System\uEeBNEH.exe
  2⤵
  PID:9060
- C:\Windows\System\GZqMHli.exe
  C:\Windows\System\GZqMHli.exe
  2⤵
  PID:9092
- C:\Windows\System\sasTojb.exe
  C:\Windows\System\sasTojb.exe
  2⤵
  PID:9124
- C:\Windows\System\TcwHIuU.exe
  C:\Windows\System\TcwHIuU.exe
  2⤵
  PID:9156
- C:\Windows\System\NzaZVei.exe
  C:\Windows\System\NzaZVei.exe
  2⤵
  PID:9188
- C:\Windows\System\KqsCcNR.exe
  C:\Windows\System\KqsCcNR.exe
  2⤵
  PID:7184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CVtMiQE.exe

Filesize
1.8MB

MD5
e1584e069c8c960d2a6753e2fbcaf2eb

SHA1
e9321ee01e14b1eb6a47dcc3d3ffc00ccb69bcdb

SHA256
2c25649fc1259f248719460895ff0caced70b00ca95f2edb1980264d989aa239

SHA512
7a546030cad4c1182c75d689d98d3ed139bb755d110e805fdffccb578b21b8326f2f20b6fb8af8d0e4f99efa3c54ed023d179c0bd3b162576885b5fd8b783a8b

Download Submit
C:\Windows\System\jCWCNyx.exe

Filesize
1024KB

MD5
b2ad855639c2b8f4bb10c3fa9e5e0e9a

SHA1
63a4a138146af5e173502df54e615e87862cd1a7

SHA256
cd53f3c3dd2c1bd95105a3edb1ec4cb3264e45baa2409fc2350b91725a8bf544

SHA512
3529025d3e0f67cb320696d9895c3861afb6e90b20da8d36532718eee7a4a8cbc519616d746669732421d515893f7df7d8c074a583a7d45ba03bc909082ec6ba

Download Submit
C:\Windows\System\ylthYAr.exe

Filesize
832KB

MD5
fe23d8f2a683ea3c37e211db5c47c198

SHA1
c8d98757080f758fa71fe2947f967f4c2ba26b77

SHA256
e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

SHA512
ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

Download Submit
memory/1168-410-0x00007FF7105B0000-0x00007FF710904000-memory.dmp

Filesize
3.3MB

Download
memory/1264-1275-0x00007FF7F70D0000-0x00007FF7F7424000-memory.dmp

Filesize
3.3MB

Download
memory/1408-0-0x00007FF7E4AE0000-0x00007FF7E4E34000-memory.dmp

Filesize
3.3MB

Download
memory/1408-1-0x00000207302B0000-0x00000207302C0000-memory.dmp

Filesize
64KB

Download
memory/2500-691-0x00007FF76DD40000-0x00007FF76E094000-memory.dmp

Filesize
3.3MB

Download
memory/4088-832-0x00007FF78C980000-0x00007FF78CCD4000-memory.dmp

Filesize
3.3MB

Download
memory/4276-408-0x00007FF6BD6C0000-0x00007FF6BDA14000-memory.dmp

Filesize
3.3MB

Download
memory/4540-466-0x00007FF79B650000-0x00007FF79B9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4728-553-0x00007FF79E160000-0x00007FF79E4B4000-memory.dmp

Filesize
3.3MB

Download