xmrig | 297f36e8bcc29d7ec6e75e1acf69abd745bcab5d5085763f058c99acab66e205

Analysis

max time kernel
8s
max time network
5s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e25200a80c509de4749d7ebda9e11c0_NeikiAnalytics.exe
Size

2.4MB
MD5

0e25200a80c509de4749d7ebda9e11c0
SHA1

2b6f92bc167bd6c76c15ea3deb39f6b7e802d90a
SHA256

297f36e8bcc29d7ec6e75e1acf69abd745bcab5d5085763f058c99acab66e205
SHA512

6ba7883e3f4d3a4ec79cc2b3ed8896cc9ed98b653e7a496dc5b7b991d9a1e0da58c2bcc3e6cf2992f09a981bf67b0fdb64b5e95839f5a3904f4c9be6a1676238
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+ABcYHM0NaLL1DUa:BemTLkNdfE0pZrn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 12 IoCs

miner

resource	yara_rule
behavioral1/files/0x0008000000013a51-18.dat	xmrig
behavioral1/files/0x0008000000013a51-23.dat	xmrig
behavioral1/files/0x0008000000013ab9-34.dat	xmrig
behavioral1/memory/2656-63-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0006000000014702-69.dat	xmrig
behavioral1/files/0x0006000000014b10-84.dat	xmrig
behavioral1/files/0x0006000000014ba7-97.dat	xmrig
behavioral1/memory/2824-106-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0006000000014dae-102.dat	xmrig
behavioral1/files/0x000600000001502c-122.dat	xmrig
behavioral1/files/0x0006000000015645-147.dat	xmrig
behavioral1/files/0x0006000000015c85-182.dat	xmrig

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000013a51-18.dat	upx
behavioral1/files/0x0008000000013a51-23.dat	upx
behavioral1/files/0x0008000000013ab9-34.dat	upx
behavioral1/memory/2656-63-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0006000000014702-69.dat	upx
behavioral1/files/0x0006000000014b10-84.dat	upx
behavioral1/files/0x0006000000014ba7-97.dat	upx
behavioral1/memory/2824-106-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0006000000014dae-102.dat	upx
behavioral1/files/0x000600000001502c-122.dat	upx
behavioral1/files/0x0006000000015645-147.dat	upx
behavioral1/files/0x0006000000015c85-182.dat	upx

C:\Windows\System\DdNlpWN.exe
C:\Windows\System\DdNlpWN.exe
1⤵
PID:2536

C:\Windows\System\oTtIhup.exe
C:\Windows\System\oTtIhup.exe
1⤵
PID:2640

C:\Windows\System\wQXcIVH.exe
C:\Windows\System\wQXcIVH.exe
1⤵
PID:2392

C:\Windows\System\BXhseTf.exe
C:\Windows\System\BXhseTf.exe
1⤵
PID:1588

C:\Windows\System\PDrOmLh.exe
C:\Windows\System\PDrOmLh.exe
1⤵
PID:2036

C:\Windows\System\MstOpfv.exe
C:\Windows\System\MstOpfv.exe
1⤵
PID:480

C:\Windows\System\kuMMeSx.exe
C:\Windows\System\kuMMeSx.exe
1⤵
PID:696

C:\Windows\System\wiIJVAg.exe
C:\Windows\System\wiIJVAg.exe
1⤵
PID:788

C:\Windows\System\sUONYGN.exe
C:\Windows\System\sUONYGN.exe
1⤵
PID:1792

C:\Windows\System\XpHZaWP.exe
C:\Windows\System\XpHZaWP.exe
1⤵
PID:1008

C:\Windows\System\zoLXxYM.exe
C:\Windows\System\zoLXxYM.exe
1⤵
PID:1652

C:\Windows\System\zlYhWIa.exe
C:\Windows\System\zlYhWIa.exe
1⤵
PID:1612

C:\Windows\System\MROBEAo.exe
C:\Windows\System\MROBEAo.exe
1⤵
PID:1916

C:\Windows\System\GdKQFch.exe
C:\Windows\System\GdKQFch.exe
1⤵
PID:2600

C:\Windows\System\yNgCTDa.exe
C:\Windows\System\yNgCTDa.exe
1⤵
PID:3048

C:\Windows\System\cTfkcVs.exe
C:\Windows\System\cTfkcVs.exe
1⤵
PID:3036

C:\Windows\System\ZDtIaNP.exe
C:\Windows\System\ZDtIaNP.exe
1⤵
PID:1484

C:\Windows\System\fKGsGdR.exe
C:\Windows\System\fKGsGdR.exe
1⤵
PID:2204

C:\Windows\System\SvBUswM.exe
C:\Windows\System\SvBUswM.exe
1⤵
PID:2488

C:\Windows\System\ZawPkDH.exe
C:\Windows\System\ZawPkDH.exe
1⤵
PID:2116

C:\Windows\System\WlnLcKX.exe
C:\Windows\System\WlnLcKX.exe
1⤵
PID:2316

C:\Windows\System\ohDWKIT.exe
C:\Windows\System\ohDWKIT.exe
1⤵
PID:2696

C:\Windows\System\NTRCxhv.exe
C:\Windows\System\NTRCxhv.exe
1⤵
PID:2848

C:\Windows\System\XtOkqkd.exe
C:\Windows\System\XtOkqkd.exe
1⤵
PID:928

C:\Windows\System\uOFeoJP.exe
C:\Windows\System\uOFeoJP.exe
1⤵
PID:888

C:\Windows\System\fEusLbj.exe
C:\Windows\System\fEusLbj.exe
1⤵
PID:3056

C:\Windows\System\AtDjtBY.exe
C:\Windows\System\AtDjtBY.exe
1⤵
PID:1004

C:\Windows\System\WWFdQWN.exe
C:\Windows\System\WWFdQWN.exe
1⤵
PID:2016

C:\Windows\System\zMPpzTf.exe
C:\Windows\System\zMPpzTf.exe
1⤵
PID:1596

C:\Windows\System\tfREjFc.exe
C:\Windows\System\tfREjFc.exe
1⤵
PID:896

C:\Windows\System\csnFrDw.exe
C:\Windows\System\csnFrDw.exe
1⤵
PID:2664

C:\Windows\System\HMoKKcj.exe
C:\Windows\System\HMoKKcj.exe
1⤵
PID:1268

C:\Windows\System\vRVargk.exe
C:\Windows\System\vRVargk.exe
1⤵
PID:3052

C:\Windows\System\XoFJJia.exe
C:\Windows\System\XoFJJia.exe
1⤵
PID:3148

C:\Windows\System\aBgQlYQ.exe
C:\Windows\System\aBgQlYQ.exe
1⤵
PID:3268

C:\Windows\System\SSsNHNB.exe
C:\Windows\System\SSsNHNB.exe
1⤵
PID:3372

C:\Windows\System\hwWYEkC.exe
C:\Windows\System\hwWYEkC.exe
1⤵
PID:3468

C:\Windows\System\hnZlKHR.exe
C:\Windows\System\hnZlKHR.exe
1⤵
PID:3508

C:\Windows\System\JIscROw.exe
C:\Windows\System\JIscROw.exe
1⤵
PID:3524

C:\Windows\System\TjHYHvL.exe
C:\Windows\System\TjHYHvL.exe
1⤵
PID:3556

C:\Windows\System\FDEgzak.exe
C:\Windows\System\FDEgzak.exe
1⤵
PID:3596

C:\Windows\System\UKWPgDC.exe
C:\Windows\System\UKWPgDC.exe
1⤵
PID:3616

C:\Windows\System\pFfkksR.exe
C:\Windows\System\pFfkksR.exe
1⤵
PID:3632

C:\Windows\System\TEerDQz.exe
C:\Windows\System\TEerDQz.exe
1⤵
PID:3652

C:\Windows\System\PwNOeyB.exe
C:\Windows\System\PwNOeyB.exe
1⤵
PID:3676

C:\Windows\System\ymDAlip.exe
C:\Windows\System\ymDAlip.exe
1⤵
PID:3696

C:\Windows\System\vawmbgn.exe
C:\Windows\System\vawmbgn.exe
1⤵
PID:3716

C:\Windows\System\QYjWEwC.exe
C:\Windows\System\QYjWEwC.exe
1⤵
PID:3732

C:\Windows\System\QoGXKmp.exe
C:\Windows\System\QoGXKmp.exe
1⤵
PID:3752

C:\Windows\System\RwMTYAX.exe
C:\Windows\System\RwMTYAX.exe
1⤵
PID:3768

C:\Windows\System\VVJQKzt.exe
C:\Windows\System\VVJQKzt.exe
1⤵
PID:3836

C:\Windows\System\XsNmSms.exe
C:\Windows\System\XsNmSms.exe
1⤵
PID:3868

C:\Windows\System\dIIgfnN.exe
C:\Windows\System\dIIgfnN.exe
1⤵
PID:3976

C:\Windows\System\UJPlAAi.exe
C:\Windows\System\UJPlAAi.exe
1⤵
PID:2644

C:\Windows\System\eavBvyq.exe
C:\Windows\System\eavBvyq.exe
1⤵
PID:3408

C:\Windows\System\VGyiqoA.exe
C:\Windows\System\VGyiqoA.exe
1⤵
PID:3336

C:\Windows\System\xfSbqSy.exe
C:\Windows\System\xfSbqSy.exe
1⤵
PID:3684

C:\Windows\System\OscigyF.exe
C:\Windows\System\OscigyF.exe
1⤵
PID:3664

C:\Windows\System\BdNQZDJ.exe
C:\Windows\System\BdNQZDJ.exe
1⤵
PID:756

C:\Windows\System\WcvJzSu.exe
C:\Windows\System\WcvJzSu.exe
1⤵
PID:1360

C:\Windows\System\kDNRHsN.exe
C:\Windows\System\kDNRHsN.exe
1⤵
PID:3108

C:\Windows\System\jjMhUpu.exe
C:\Windows\System\jjMhUpu.exe
1⤵
PID:2652

C:\Windows\System\FFDWbdl.exe
C:\Windows\System\FFDWbdl.exe
1⤵
PID:3080

C:\Windows\System\QOYEHjv.exe
C:\Windows\System\QOYEHjv.exe
1⤵
PID:2132

C:\Windows\System\qrTUzkB.exe
C:\Windows\System\qrTUzkB.exe
1⤵
PID:448

C:\Windows\System\sfBvwWH.exe
C:\Windows\System\sfBvwWH.exe
1⤵
PID:3776

C:\Windows\System\AizaSld.exe
C:\Windows\System\AizaSld.exe
1⤵
PID:3780

C:\Windows\System\xjTmqsV.exe
C:\Windows\System\xjTmqsV.exe
1⤵
PID:4000

C:\Windows\System\SnCkGQk.exe
C:\Windows\System\SnCkGQk.exe
1⤵
PID:3156

C:\Windows\System\hVWXupa.exe
C:\Windows\System\hVWXupa.exe
1⤵
PID:1876

C:\Windows\System\DvwvBLz.exe
C:\Windows\System\DvwvBLz.exe
1⤵
PID:2876

C:\Windows\System\JdsXglE.exe
C:\Windows\System\JdsXglE.exe
1⤵
PID:3572

C:\Windows\System\OjLRfcT.exe
C:\Windows\System\OjLRfcT.exe
1⤵
PID:2324

C:\Windows\System\oYYgJEY.exe
C:\Windows\System\oYYgJEY.exe
1⤵
PID:2280

C:\Windows\System\NtQQJHC.exe
C:\Windows\System\NtQQJHC.exe
1⤵
PID:4016

C:\Windows\System\mwVIrhf.exe
C:\Windows\System\mwVIrhf.exe
1⤵
PID:4192

C:\Windows\System\OVkFzTs.exe
C:\Windows\System\OVkFzTs.exe
1⤵
PID:4300

C:\Windows\System\NBsqFVa.exe
C:\Windows\System\NBsqFVa.exe
1⤵
PID:4388

C:\Windows\System\sQMYYBD.exe
C:\Windows\System\sQMYYBD.exe
1⤵
PID:4648

C:\Windows\System\oXMeruQ.exe
C:\Windows\System\oXMeruQ.exe
1⤵
PID:4752

C:\Windows\System\BRJuiaV.exe
C:\Windows\System\BRJuiaV.exe
1⤵
PID:4788

C:\Windows\System\DuCzRNK.exe
C:\Windows\System\DuCzRNK.exe
1⤵
PID:4948

C:\Windows\System\TBXIDpQ.exe
C:\Windows\System\TBXIDpQ.exe
1⤵
PID:5044

C:\Windows\System\nLPlrax.exe
C:\Windows\System\nLPlrax.exe
1⤵
PID:5104

C:\Windows\System\mTVxRzh.exe
C:\Windows\System\mTVxRzh.exe
1⤵
PID:3904

C:\Windows\System\hjTZYnT.exe
C:\Windows\System\hjTZYnT.exe
1⤵
PID:4348

C:\Windows\System\GdzaGyN.exe
C:\Windows\System\GdzaGyN.exe
1⤵
PID:4364

C:\Windows\System\LnxYCxo.exe
C:\Windows\System\LnxYCxo.exe
1⤵
PID:4604

C:\Windows\System\erLhksW.exe
C:\Windows\System\erLhksW.exe
1⤵
PID:4588

C:\Windows\System\KcEGFyV.exe
C:\Windows\System\KcEGFyV.exe
1⤵
PID:4852

C:\Windows\System\BvLfpvV.exe
C:\Windows\System\BvLfpvV.exe
1⤵
PID:4892

C:\Windows\System\lcfZQtT.exe
C:\Windows\System\lcfZQtT.exe
1⤵
PID:4052

C:\Windows\System\nlvhRhM.exe
C:\Windows\System\nlvhRhM.exe
1⤵
PID:4660

C:\Windows\System\xuMYPeX.exe
C:\Windows\System\xuMYPeX.exe
1⤵
PID:4456

C:\Windows\System\vnvviYK.exe
C:\Windows\System\vnvviYK.exe
1⤵
PID:4980

C:\Windows\System\UkhIGpD.exe
C:\Windows\System\UkhIGpD.exe
1⤵
PID:4760

C:\Windows\System\FrQLuLL.exe
C:\Windows\System\FrQLuLL.exe
1⤵
PID:4820

C:\Windows\System\HKVZxsc.exe
C:\Windows\System\HKVZxsc.exe
1⤵
PID:4656

C:\Windows\System\DyTKFmu.exe
C:\Windows\System\DyTKFmu.exe
1⤵
PID:5052

C:\Windows\System\CFJBxJU.exe
C:\Windows\System\CFJBxJU.exe
1⤵
PID:3900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DdNlpWN.exe

Filesize
1.7MB

MD5
14901e670fa8ee7bb26d13eff8a511bf

SHA1
626f938cd96933f3ca153022b5ceb5dfa057cd4f

SHA256
a007568f202f02ec0729411cd72758de2319d5d06b026aa2b505edb317880f72

SHA512
1241f48dc8b5bd397600d74fc02b5fa65d51249bdf92eb7ea2b54dfad8b983d4a8081ac79a4046cee5abb212e552cfd18f026c048ecb5035a814e73c737f3276

Download Submit
C:\Windows\system\fePinzj.exe

Filesize
2.4MB

MD5
c5ac80e0078d901342cff5be58fea5d1

SHA1
e5bd62d45c7187277af8f9ed412771feec1d31b7

SHA256
bae23fdd24e7d35c21a81a575e73eefdff7af2e132ec925d04b766ecc7e14b4d

SHA512
835eedab4e3b29f2e58c450a67a947329fdeccc87230d4ecf3218c1caecdf9945c940fd0e4b42025c5d2b48ad105b44ab939ea48a9c6e71de6aafa2f397920da

Download Submit
C:\Windows\system\gMHFmgC.exe

Filesize
2.4MB

MD5
cdb2a435452a430ee81369280551a807

SHA1
4f8254b2ed74129bd6873aac749acf89e72c0060

SHA256
4b5460e7e92b437251b6ed138c005ec4fd8a1d61916223ca849587e9790d9e0a

SHA512
3374eb93795612de5470752e8767a927db50cdcdaddcdca597ce59e53ed54d0d3d96ff4390157bbbadcc9e2c12df7c3db7415daa70eb4632913749e22c408994

Download Submit
C:\Windows\system\hQToXoS.exe

Filesize
2.4MB

MD5
526015525a25be4e9e312f4613e9aa79

SHA1
60305f6e2cee057033fa6462a5cfac4f08bddb5d

SHA256
1c44df40bf1f546679f1a22961d7dd2774a87ea5574d3c939e419076e03d1b3a

SHA512
ccd037175327095b09d4add0173f5c92f301a5acf801e6cab3ac99bfdba5557b8bd41e67ea1b2f44f71c4df6dfc9670affd2bd79940d237794e9171a97366e61

Download Submit
C:\Windows\system\oDTtXmc.exe

Filesize
1.9MB

MD5
fd7c6e586127a5cc36f4dbc8224ed1f4

SHA1
8bb2816440f693d2750b98512c774d84cfb55354

SHA256
9e33764c49bb9b2dac2c633a7eaf0451a84cf82648b732197884e2f0e1e93969

SHA512
f90843d959f5113c99ab8c1bd0ab56a61feb713bbe356ccf74d3093d044618a820f6018379f5a5ee7bcc763a9b902bb28dd9aebd945f6403710063bd5f2dc2bb

Download Submit
C:\Windows\system\oTtIhup.exe

Filesize
2.4MB

MD5
c1914398474e122c4f8a4f7d461ef277

SHA1
7788301ff0765a70bd1902e2d3392a71a2f6c638

SHA256
6268fe6025776aa6dcbea25fa6864700b06c82d048a703911cfa5c03e3ae7f52

SHA512
7141dc7450d32a5f93ef7fe2a5a66d778972c4a2114a0e7ffa028cc635b60d790923604055aa0e3e7cf4eb48513bfde6ca5b7727587acadfbcd070be0ddd929c

Download Submit
C:\Windows\system\yFHPBEI.exe

Filesize
2.4MB

MD5
064be63997a7c065b9d8168928425b52

SHA1
3242bf982dd6ccf1b8918802789138f47696e7ad

SHA256
42fe1ffd33e3f3e538b1936e867b3691e7a752951c7d45fb481f810539bf7479

SHA512
5534c1e3e8e9b3538893920ad6bc420381da0ed11583674b57f5f6a3edb6cec14a7d06201aa1d8b29d9272248bf8936516a3c72591bf89d444b04d52d119cee4

Download Submit
\Windows\system\DdNlpWN.exe

Filesize
2.4MB

MD5
eac3f7215633b4213a63346956a3c022

SHA1
cf06bb72cbe7d4d1d1f84587febeb6e70d0b5edf

SHA256
8749be39fe336a8401b2d98084229343e9f480d13c4f2e7c9e93c5f88a802e31

SHA512
8c252d80055336e41bf9973df7e14516fe55f3d343aa9e87ae5ea29616fe1a06a6d8f0c56b87bde4c1f078cf26ec5e14233ea29bf1b8ff168d28929f739b0782

Download Submit
\Windows\system\NIyicYx.exe

Filesize
2.4MB

MD5
76dfd4ace28ad6b4933b0a701a9861f9

SHA1
a58bc78775b5312102fb56e5b65b63c5e3b5a5ce

SHA256
26c055bfd4b362136d3f300aaa30a8dea678efde23381d040e0511b3603b5014

SHA512
9bf56aa0957819ea4fa0ae6187ff9ae329a0b85a510bba9581bc051157722261c2f9e9a45820cf1b1610afa6eed208870fc2dfe4964a269921b4f7334c7b5c34

Download Submit
\Windows\system\nAIOTDS.exe

Filesize
2.4MB

MD5
b9ade2432aba5f72799c9219c888653d

SHA1
c6a8e8b80be735f8949fb2b80b11def8797a2f5f

SHA256
4198cf7e7156b2fb1fff907c5570be3236e26b3b43f7250a0f74ea31ca59c88e

SHA512
9db2ce1cf491096ccd080052bd6f8b02bfb8470e0bd8ca324ce2ec9dd9646edec376ea655dd8980e1cd89e40ee31a2851d3f4d71b2371e42be981f9bebb6546e

Download Submit
memory/2656-63-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-106-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2972-58-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-8-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads