xmrig | cdef56ecb6e229ec22576b215de049032ff1472a12179052cc68c00bf0029b09

Analysis

max time kernel
8s
max time network
4s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65db4567af98c936b55e930ca8d8be10_NEIKI.exe
Size

2.0MB
MD5

65db4567af98c936b55e930ca8d8be10
SHA1

928edf9a2d2bd80953594347b742d4754f8c456f
SHA256

cdef56ecb6e229ec22576b215de049032ff1472a12179052cc68c00bf0029b09
SHA512

3060b6cd68f9a64d2559c8ccb26f481b4e33c48cf358489bd91db56bb40a590ff9f9c8e0dc9db9470650212b75d81b32ed6e0058098b0b0569aa3b2bc95226b7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjEG7uA8R+:BemTLkNdfE0pZro

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 10 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000d000000014698-5.dat	xmrig
behavioral1/files/0x002b000000014c67-8.dat	xmrig
behavioral1/files/0x0008000000015364-10.dat	xmrig
behavioral1/files/0x00070000000155d4-21.dat	xmrig
behavioral1/files/0x00070000000155d9-22.dat	xmrig
behavioral1/files/0x0008000000015d88-41.dat	xmrig
behavioral1/memory/2560-114-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d41-70.dat	xmrig
behavioral1/files/0x0006000000016d41-117.dat	xmrig

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000d000000014698-5.dat	upx
behavioral1/files/0x002b000000014c67-8.dat	upx
behavioral1/files/0x0008000000015364-10.dat	upx
behavioral1/files/0x00070000000155d4-21.dat	upx
behavioral1/files/0x00070000000155d9-22.dat	upx
behavioral1/files/0x0008000000015d88-41.dat	upx
behavioral1/memory/2560-114-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0006000000016d41-70.dat	upx
behavioral1/files/0x0006000000016d41-117.dat	upx

C:\Users\Admin\AppData\Local\Temp\65db4567af98c936b55e930ca8d8be10_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\65db4567af98c936b55e930ca8d8be10_NEIKI.exe"
1⤵
PID:2904
- C:\Windows\System\XuLjZwK.exe
  C:\Windows\System\XuLjZwK.exe
  2⤵
  PID:2504
- C:\Windows\System\YnjDUwK.exe
  C:\Windows\System\YnjDUwK.exe
  2⤵
  PID:2372
- C:\Windows\System\BYSUQbA.exe
  C:\Windows\System\BYSUQbA.exe
  2⤵
  PID:2872
- C:\Windows\System\JLBaOUS.exe
  C:\Windows\System\JLBaOUS.exe
  2⤵
  PID:1236
- C:\Windows\System\mDxeIVD.exe
  C:\Windows\System\mDxeIVD.exe
  2⤵
  PID:2004
- C:\Windows\System\SOiknFY.exe
  C:\Windows\System\SOiknFY.exe
  2⤵
  PID:2140
- C:\Windows\System\IAzZYvC.exe
  C:\Windows\System\IAzZYvC.exe
  2⤵
  PID:1524
- C:\Windows\System\ArZTZED.exe
  C:\Windows\System\ArZTZED.exe
  2⤵
  PID:1252
- C:\Windows\System\wcIczZz.exe
  C:\Windows\System\wcIczZz.exe
  2⤵
  PID:968
- C:\Windows\System\ZGIXbqL.exe
  C:\Windows\System\ZGIXbqL.exe
  2⤵
  PID:1348
- C:\Windows\System\zyljHmZ.exe
  C:\Windows\System\zyljHmZ.exe
  2⤵
  PID:1800
- C:\Windows\System\kxtkUHY.exe
  C:\Windows\System\kxtkUHY.exe
  2⤵
  PID:1124
- C:\Windows\System\fJQrBja.exe
  C:\Windows\System\fJQrBja.exe
  2⤵
  PID:1120
- C:\Windows\System\JpiYzwi.exe
  C:\Windows\System\JpiYzwi.exe
  2⤵
  PID:2816
- C:\Windows\System\FaCGfkj.exe
  C:\Windows\System\FaCGfkj.exe
  2⤵
  PID:944
- C:\Windows\System\MMydVEk.exe
  C:\Windows\System\MMydVEk.exe
  2⤵
  PID:2484
- C:\Windows\System\NQMXqxV.exe
  C:\Windows\System\NQMXqxV.exe
  2⤵
  PID:2144
- C:\Windows\System\ryDuUUz.exe
  C:\Windows\System\ryDuUUz.exe
  2⤵
  PID:2604
- C:\Windows\System\VsAnndj.exe
  C:\Windows\System\VsAnndj.exe
  2⤵
  PID:3212
- C:\Windows\System\CPbHpMH.exe
  C:\Windows\System\CPbHpMH.exe
  2⤵
  PID:3312
- C:\Windows\System\ADbHpib.exe
  C:\Windows\System\ADbHpib.exe
  2⤵
  PID:3520
- C:\Windows\System\XGDLNWA.exe
  C:\Windows\System\XGDLNWA.exe
  2⤵
  PID:3636
- C:\Windows\System\LwNPTGW.exe
  C:\Windows\System\LwNPTGW.exe
  2⤵
  PID:3652
- C:\Windows\System\bevldni.exe
  C:\Windows\System\bevldni.exe
  2⤵
  PID:3668
- C:\Windows\System\FnTLLbb.exe
  C:\Windows\System\FnTLLbb.exe
  2⤵
  PID:3684
- C:\Windows\System\PxiTcda.exe
  C:\Windows\System\PxiTcda.exe
  2⤵
  PID:3700
- C:\Windows\System\IfcTCfY.exe
  C:\Windows\System\IfcTCfY.exe
  2⤵
  PID:3716
- C:\Windows\System\ZQjgTnr.exe
  C:\Windows\System\ZQjgTnr.exe
  2⤵
  PID:3732
- C:\Windows\System\kwYGLkk.exe
  C:\Windows\System\kwYGLkk.exe
  2⤵
  PID:3748
- C:\Windows\System\JsAjENv.exe
  C:\Windows\System\JsAjENv.exe
  2⤵
  PID:3764
- C:\Windows\System\cfouIxI.exe
  C:\Windows\System\cfouIxI.exe
  2⤵
  PID:3780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\JHaQxbf.exe

Filesize
2.0MB

MD5
f47f97a5e0a49dd783d9b3d6ba93b68e

SHA1
5fa3ecd4c03ffb50c2fc95d400c1f946c20b0f95

SHA256
ee429c039567079a5a39238626e83c8d01f35ff6dc08c095197efa84a00f4a6f

SHA512
99ca6d461227834f1eaf6659fa04c839bbba46f39d85abd0fb1e3acd43c6f5e017f5e225b269953ddaf9ef0cac86ce3ba087918b158238b698cfc06efca1e452

Download Submit
C:\Windows\system\RvtefIw.exe

Filesize
1.9MB

MD5
fe4dc34b817419c46459c5f7dc89f5e1

SHA1
5dc15c81f3ecc81a24b860f049305d16cf5a6f62

SHA256
11abf44cc24ce4e4c59ba14302e4f29baffb7e8cdc6e4f59627e11851b73fb13

SHA512
9eac0f3e77dc3e549cdf2fcea0600dd6141b5f8340030980b0f5fba5f7cc8735cb68db441e70075f2860cfad9170d65243eb78627ca5deb76bda66b0b4485abc

Download Submit
C:\Windows\system\XuLjZwK.exe

Filesize
1.6MB

MD5
b5590ad5280dcd89533eb32e709837d7

SHA1
aea132463a81a7e0bcfe31527b9649b702be5626

SHA256
383692a1d429f17b15fb9a6405cbc618a9ede1ebfc938bacb21f06ef7d9b63c8

SHA512
e5a9474d88f0c404b3211d557914d322f55e2a7f3ab11aa88a0ce12b23f686e0c7f20bc2826fa41e820ce6cb43464f469df35d2961aa397e53dc28a4ecc5a531

Download Submit
C:\Windows\system\gRXVzbm.exe

Filesize
2.0MB

MD5
e2e45802e970ce7a9d85e09ee9d51cb6

SHA1
353229a9a14a8fdc26d30d83bf16343838d34689

SHA256
82fad785d11a0659c31f5c7880135443cf08695635a8152b6c39c0900affc8dd

SHA512
58f4dbef4327a5143fc234116063f27f69e191c7a9af1dd39d57544196d0983cdf29d121dad4bc0ab579362773b06fc542ccbcc29391d25053a3108cd15f0e73

Download Submit
C:\Windows\system\zsuHDFV.exe

Filesize
1.3MB

MD5
cee1d7c75ec08ec3a0aa1b8d4f177dfa

SHA1
1207597f2e309bc114f05644994b14dd66867494

SHA256
aa8ddc9425332a6bee37c4e0cdbeb60d28c71352fc9d454ff68cbf78457825d8

SHA512
83e5da81ccdb7e0e25cbade96c3e7093378153d455d369d7d4f6a3aea8f892a34b9bfa83bb0709e115260a1817b227b386a9401fd7ac3a3fca4238ed40b276eb

Download Submit
\Windows\system\EDCjZOW.exe

Filesize
2.0MB

MD5
65442a11b618e365f3933aba2394d788

SHA1
10ea8b56f9409110dc86caa0ae8f4e08e23dd441

SHA256
30964e351b91af4138f6dd7a399ddf33f59332785df7766770a16070bb2be591

SHA512
1928781018f616c5d8366ac76933de69c0e4663d4ea960ada0a83d307da3d93e66a40523c8f456d81e5df780cdf348be3190185884df6aee714f3fcf0d5aa5b7

Download Submit
\Windows\system\hvbVrxN.exe

Filesize
1.6MB

MD5
5dcce40d5d0b59df302d842fe20332ab

SHA1
4b947ba80bd4d4a43599c8a6755472b0a4b00359

SHA256
d0ae09d51b103e2b5c113f839efc3535f490ba3fac4f9e05e4d86babf969cfdf

SHA512
c3cf36c5dc0622106e881e6532c262bf7610cdceba9257f5c78f942184756016a70484a8b6ffbe3c986c239de31f6ab78db2075114c828ba0ec077e5dd480618

Download Submit
\Windows\system\zsuHDFV.exe

Filesize
1.4MB

MD5
d495c8d14dfb73423f0da61cde63542a

SHA1
7845b2db67ca31ad643a38c12c55cc7381a8dfb1

SHA256
5abb98dc37a56a4796619b9067bd79c7c461d3881127d7633b0c198d1abec318

SHA512
570349ec34070b0d6d3941b9bc1ad0ed79f9a0778c96b2a8457098b0eef442a293f1801d9279a1adc148b5ca498d73b85a3c00005133f764deda8281f7378cb9

Download Submit
memory/2560-114-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads