xmrig | f855b598572bdc45b15809b00b2d855afa15753c093fe293d2a38c6271f22b9c

Analysis

max time kernel
9s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0041171023b668c85300a4a96e575924_JaffaCakes118.exe
Size

1.3MB
MD5

0041171023b668c85300a4a96e575924
SHA1

922230e161c4ffad960794963158c8fc21f3a797
SHA256

f855b598572bdc45b15809b00b2d855afa15753c093fe293d2a38c6271f22b9c
SHA512

2e4c642f088fc47b1f2419f9a79f376a812629a1f7da2796a23b861e3dadced3c8fc2304e83b212c2f94ee10a56a813b5f36633535e03a407898da73f837f561
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcqdIzWokCiHovICOS7wC9DBxs:knw9oUUEEDl37jcqdI9Qs7rtLs

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/memory/4492-11-0x00007FF7EA8B0000-0x00007FF7EACA1000-memory.dmp	xmrig

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2636-0-0x00007FF6C5FA0000-0x00007FF6C6391000-memory.dmp	upx
behavioral2/files/0x000b000000023214-6.dat	upx
behavioral2/memory/4492-11-0x00007FF7EA8B0000-0x00007FF7EACA1000-memory.dmp	upx
behavioral2/files/0x000800000002323a-12.dat	upx
behavioral2/files/0x000700000002323f-22.dat	upx
behavioral2/memory/1796-30-0x00007FF742B20000-0x00007FF742F11000-memory.dmp	upx
behavioral2/files/0x0007000000023242-40.dat	upx
behavioral2/memory/2688-47-0x00007FF6E1970000-0x00007FF6E1D61000-memory.dmp	upx
behavioral2/memory/944-57-0x00007FF6BF920000-0x00007FF6BFD11000-memory.dmp	upx
behavioral2/memory/4340-87-0x00007FF78B370000-0x00007FF78B761000-memory.dmp	upx
behavioral2/memory/2328-175-0x00007FF71B300000-0x00007FF71B6F1000-memory.dmp	upx
behavioral2/memory/4600-194-0x00007FF667C70000-0x00007FF668061000-memory.dmp	upx
behavioral2/memory/4284-201-0x00007FF6DDB60000-0x00007FF6DDF51000-memory.dmp	upx
behavioral2/memory/4804-202-0x00007FF6F2080000-0x00007FF6F2471000-memory.dmp	upx
behavioral2/memory/4068-199-0x00007FF7B5430000-0x00007FF7B5821000-memory.dmp	upx
behavioral2/memory/2880-209-0x00007FF6439A0000-0x00007FF643D91000-memory.dmp	upx
behavioral2/memory/4256-212-0x00007FF641CE0000-0x00007FF6420D1000-memory.dmp	upx
behavioral2/memory/4296-216-0x00007FF60FE90000-0x00007FF610281000-memory.dmp	upx
behavioral2/memory/2288-222-0x00007FF7F6560000-0x00007FF7F6951000-memory.dmp	upx
behavioral2/memory/2164-225-0x00007FF73B590000-0x00007FF73B981000-memory.dmp	upx
behavioral2/memory/2372-234-0x00007FF7833F0000-0x00007FF7837E1000-memory.dmp	upx
behavioral2/memory/3560-237-0x00007FF7A1260000-0x00007FF7A1651000-memory.dmp	upx
behavioral2/memory/940-239-0x00007FF6A5720000-0x00007FF6A5B11000-memory.dmp	upx
behavioral2/memory/4992-240-0x00007FF6FC900000-0x00007FF6FCCF1000-memory.dmp	upx
behavioral2/memory/436-241-0x00007FF6C0B70000-0x00007FF6C0F61000-memory.dmp	upx
behavioral2/memory/3192-242-0x00007FF720320000-0x00007FF720711000-memory.dmp	upx
behavioral2/memory/5024-244-0x00007FF68D7A0000-0x00007FF68DB91000-memory.dmp	upx
behavioral2/memory/1252-245-0x00007FF74BAB0000-0x00007FF74BEA1000-memory.dmp	upx
behavioral2/memory/5068-251-0x00007FF60AAF0000-0x00007FF60AEE1000-memory.dmp	upx
behavioral2/memory/4276-253-0x00007FF7712B0000-0x00007FF7716A1000-memory.dmp	upx
behavioral2/memory/1240-256-0x00007FF6920F0000-0x00007FF6924E1000-memory.dmp	upx
behavioral2/memory/3604-260-0x00007FF76FB70000-0x00007FF76FF61000-memory.dmp	upx
behavioral2/memory/1708-262-0x00007FF671A00000-0x00007FF671DF1000-memory.dmp	upx
behavioral2/memory/2636-265-0x00007FF6C5FA0000-0x00007FF6C6391000-memory.dmp	upx
behavioral2/memory/2352-268-0x00007FF76A2F0000-0x00007FF76A6E1000-memory.dmp	upx
behavioral2/memory/3296-285-0x00007FF6DC900000-0x00007FF6DCCF1000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\0041171023b668c85300a4a96e575924_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0041171023b668c85300a4a96e575924_JaffaCakes118.exe"
1⤵
PID:2636
- C:\Windows\System32\jLCeblr.exe
  C:\Windows\System32\jLCeblr.exe
  2⤵
  PID:3976
- C:\Windows\System32\bzYzGhP.exe
  C:\Windows\System32\bzYzGhP.exe
  2⤵
  PID:2688
- C:\Windows\System32\uGMJGQW.exe
  C:\Windows\System32\uGMJGQW.exe
  2⤵
  PID:4356
- C:\Windows\System32\rTGkycK.exe
  C:\Windows\System32\rTGkycK.exe
  2⤵
  PID:2164
- C:\Windows\System32\TkVTIjL.exe
  C:\Windows\System32\TkVTIjL.exe
  2⤵
  PID:2920
- C:\Windows\System32\kpmHfSf.exe
  C:\Windows\System32\kpmHfSf.exe
  2⤵
  PID:4428
- C:\Windows\System32\UfafssM.exe
  C:\Windows\System32\UfafssM.exe
  2⤵
  PID:2120
- C:\Windows\System32\GvcFToZ.exe
  C:\Windows\System32\GvcFToZ.exe
  2⤵
  PID:4600
- C:\Windows\System32\RaKpyKv.exe
  C:\Windows\System32\RaKpyKv.exe
  2⤵
  PID:4804
- C:\Windows\System32\VMLcphk.exe
  C:\Windows\System32\VMLcphk.exe
  2⤵
  PID:436
- C:\Windows\System32\slhAVef.exe
  C:\Windows\System32\slhAVef.exe
  2⤵
  PID:1412
- C:\Windows\System32\BspBGTo.exe
  C:\Windows\System32\BspBGTo.exe
  2⤵
  PID:5024
- C:\Windows\System32\xtbOBCz.exe
  C:\Windows\System32\xtbOBCz.exe
  2⤵
  PID:5068
- C:\Windows\System32\DyuJmGE.exe
  C:\Windows\System32\DyuJmGE.exe
  2⤵
  PID:1240
- C:\Windows\System32\ncHXuXu.exe
  C:\Windows\System32\ncHXuXu.exe
  2⤵
  PID:4276
- C:\Windows\System32\SQAUjpn.exe
  C:\Windows\System32\SQAUjpn.exe
  2⤵
  PID:3604
- C:\Windows\System32\ZFQCOSg.exe
  C:\Windows\System32\ZFQCOSg.exe
  2⤵
  PID:1708
- C:\Windows\System32\rGKtuek.exe
  C:\Windows\System32\rGKtuek.exe
  2⤵
  PID:2352
- C:\Windows\System32\fDQckOv.exe
  C:\Windows\System32\fDQckOv.exe
  2⤵
  PID:4304
- C:\Windows\System32\nxtIUXb.exe
  C:\Windows\System32\nxtIUXb.exe
  2⤵
  PID:3296
- C:\Windows\System32\RdxWdRW.exe
  C:\Windows\System32\RdxWdRW.exe
  2⤵
  PID:4928
- C:\Windows\System32\XFSXKnz.exe
  C:\Windows\System32\XFSXKnz.exe
  2⤵
  PID:3416
- C:\Windows\System32\myKsMnD.exe
  C:\Windows\System32\myKsMnD.exe
  2⤵
  PID:5176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\UzYKXNo.exe

Filesize
1.3MB

MD5
02bd7bf771886fe140420f214f7ff218

SHA1
e3d88ed6d3b5e5c5632a6c12b65efe838688fdc9

SHA256
2f0de991971f1e5a76e800b86574b29d50731a107770b8e7fb693bdad7f793d9

SHA512
94914946afcc9417dda194e76bb8fba9c48255c0f40836a8eecc2a9a74cdbbb9831b58151343ac5fd771b196ebe37aac48300c4a7968a99d5137055bb0069cae

Download Submit
C:\Windows\System32\bzYzGhP.exe

Filesize
92KB

MD5
13f07fa50264303ad09a4d4c2febb5c0

SHA1
78b6dafcfbd823216fac84f7dab5d87ebff84430

SHA256
96a2731c3b84eb6836ba47f6ea02f4106eac9f7246c00fd89947ce264ffed615

SHA512
ab12706724906b55307c06e5bfe39ae6a271e942659979464dc9bd7fe3bd4abde70dfb4be6a2820aa4f670a1543f6a15e4eb174af400422df8d48830fa985615

Download Submit
C:\Windows\System32\dIlmCQK.exe

Filesize
381KB

MD5
db88f6baee25fe2582ce79745e01d5ec

SHA1
53866005e4df801b378801d963d580a6e800aa6a

SHA256
5b72eeded34578836a572873d71f9c280c2f7da3870c3d75412029085e10c367

SHA512
e0bfd6a3eeadaee2959ac2acb3e033b61f500da9f5f30071723ddf1a56a9d328e7800040626930e0b902f802f2320439132c57435920fa9330a7c4a315983980

Download Submit
C:\Windows\System32\hRbErTa.exe

Filesize
1.3MB

MD5
6d51203a10793261888324a69260c149

SHA1
3b5c3e0111449eecf7090ed8f99f0cb2beb526f1

SHA256
5fb047bc2ca5228249f442bfd1d617f203e7637bc1685b3f0e5049a27a7f3193

SHA512
c33340b3ef616971c253a428f5cd6a18a19a344459e47ff20cd1b0ac953a0f8ae13eaef7f776b8b1a50a827041dd96fda7d1209cfde50e5a0034e5bfcad5813f

Download Submit
memory/436-241-0x00007FF6C0B70000-0x00007FF6C0F61000-memory.dmp

Filesize
3.9MB

Download
memory/940-239-0x00007FF6A5720000-0x00007FF6A5B11000-memory.dmp

Filesize
3.9MB

Download
memory/944-57-0x00007FF6BF920000-0x00007FF6BFD11000-memory.dmp

Filesize
3.9MB

Download
memory/1240-256-0x00007FF6920F0000-0x00007FF6924E1000-memory.dmp

Filesize
3.9MB

Download
memory/1252-245-0x00007FF74BAB0000-0x00007FF74BEA1000-memory.dmp

Filesize
3.9MB

Download
memory/1708-262-0x00007FF671A00000-0x00007FF671DF1000-memory.dmp

Filesize
3.9MB

Download
memory/1796-30-0x00007FF742B20000-0x00007FF742F11000-memory.dmp

Filesize
3.9MB

Download
memory/2164-225-0x00007FF73B590000-0x00007FF73B981000-memory.dmp

Filesize
3.9MB

Download
memory/2288-222-0x00007FF7F6560000-0x00007FF7F6951000-memory.dmp

Filesize
3.9MB

Download
memory/2328-175-0x00007FF71B300000-0x00007FF71B6F1000-memory.dmp

Filesize
3.9MB

Download
memory/2352-268-0x00007FF76A2F0000-0x00007FF76A6E1000-memory.dmp

Filesize
3.9MB

Download
memory/2372-234-0x00007FF7833F0000-0x00007FF7837E1000-memory.dmp

Filesize
3.9MB

Download
memory/2636-1-0x000002397E830000-0x000002397E840000-memory.dmp

Filesize
64KB

Download
memory/2636-0-0x00007FF6C5FA0000-0x00007FF6C6391000-memory.dmp

Filesize
3.9MB

Download
memory/2636-265-0x00007FF6C5FA0000-0x00007FF6C6391000-memory.dmp

Filesize
3.9MB

Download
memory/2688-47-0x00007FF6E1970000-0x00007FF6E1D61000-memory.dmp

Filesize
3.9MB

Download
memory/2880-209-0x00007FF6439A0000-0x00007FF643D91000-memory.dmp

Filesize
3.9MB

Download
memory/3192-242-0x00007FF720320000-0x00007FF720711000-memory.dmp

Filesize
3.9MB

Download
memory/3296-285-0x00007FF6DC900000-0x00007FF6DCCF1000-memory.dmp

Filesize
3.9MB

Download
memory/3560-237-0x00007FF7A1260000-0x00007FF7A1651000-memory.dmp

Filesize
3.9MB

Download
memory/3604-260-0x00007FF76FB70000-0x00007FF76FF61000-memory.dmp

Filesize
3.9MB

Download
memory/4068-199-0x00007FF7B5430000-0x00007FF7B5821000-memory.dmp

Filesize
3.9MB

Download
memory/4256-212-0x00007FF641CE0000-0x00007FF6420D1000-memory.dmp

Filesize
3.9MB

Download
memory/4276-253-0x00007FF7712B0000-0x00007FF7716A1000-memory.dmp

Filesize
3.9MB

Download
memory/4284-201-0x00007FF6DDB60000-0x00007FF6DDF51000-memory.dmp

Filesize
3.9MB

Download
memory/4296-216-0x00007FF60FE90000-0x00007FF610281000-memory.dmp

Filesize
3.9MB

Download
memory/4340-87-0x00007FF78B370000-0x00007FF78B761000-memory.dmp

Filesize
3.9MB

Download
memory/4492-11-0x00007FF7EA8B0000-0x00007FF7EACA1000-memory.dmp

Filesize
3.9MB

Download
memory/4600-194-0x00007FF667C70000-0x00007FF668061000-memory.dmp

Filesize
3.9MB

Download
memory/4804-202-0x00007FF6F2080000-0x00007FF6F2471000-memory.dmp

Filesize
3.9MB

Download
memory/4992-240-0x00007FF6FC900000-0x00007FF6FCCF1000-memory.dmp

Filesize
3.9MB

Download
memory/5024-244-0x00007FF68D7A0000-0x00007FF68DB91000-memory.dmp

Filesize
3.9MB

Download
memory/5068-251-0x00007FF60AAF0000-0x00007FF60AEE1000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads