xmrig | 30a6fdcb6cc8b3f1cbe835da4e97311d93163e376e9851e24c02bf6e87f75cd2

Analysis

max time kernel
9s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 01:33

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

bcc2891c393dbb77c3f3197e0c2267f0_NeikiAnalytics.exe
Size

1.6MB
MD5

bcc2891c393dbb77c3f3197e0c2267f0
SHA1

158bea548c2c69d6f5308193c8d2ce551a7cc6cd
SHA256

30a6fdcb6cc8b3f1cbe835da4e97311d93163e376e9851e24c02bf6e87f75cd2
SHA512

b8ba10b37a29f2ba732ac86d8dc758d2295af2c8c305ce030d8d8518ace94f19547da7fcf3460b9761b34e1346a86411c047d97328d937beb01b4b23d96d15eb
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727ZvhwoONE6phFrMiBsQVWGoPN966xy5eAOkzJsfEF+:ROdWCCi7/rahFD2P6QV8NcxeLkOP24

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral2/memory/388-58-0x00007FF6939E0000-0x00007FF693D31000-memory.dmp	xmrig

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4296-0-0x00007FF6A8DE0000-0x00007FF6A9131000-memory.dmp	upx
behavioral2/files/0x000800000002346d-14.dat	upx
behavioral2/files/0x000700000002346f-23.dat	upx
behavioral2/files/0x0007000000023474-47.dat	upx
behavioral2/files/0x0007000000023473-48.dat	upx
behavioral2/memory/388-58-0x00007FF6939E0000-0x00007FF693D31000-memory.dmp	upx
behavioral2/files/0x0007000000023476-63.dat	upx
behavioral2/files/0x0007000000023475-68.dat	upx
behavioral2/files/0x0007000000023478-76.dat	upx
behavioral2/files/0x000700000002347b-89.dat	upx
behavioral2/files/0x000700000002347d-99.dat	upx
behavioral2/files/0x000700000002347d-107.dat	upx
behavioral2/files/0x0007000000023485-139.dat	upx
behavioral2/files/0x0007000000023485-147.dat	upx
behavioral2/memory/3592-528-0x00007FF72A1F0000-0x00007FF72A541000-memory.dmp	upx
behavioral2/memory/5084-531-0x00007FF758FF0000-0x00007FF759341000-memory.dmp	upx
behavioral2/memory/3204-532-0x00007FF6F52B0000-0x00007FF6F5601000-memory.dmp	upx
behavioral2/memory/3316-535-0x00007FF7F85C0000-0x00007FF7F8911000-memory.dmp	upx
behavioral2/memory/2340-537-0x00007FF6C5B80000-0x00007FF6C5ED1000-memory.dmp	upx
behavioral2/memory/1944-539-0x00007FF72FC90000-0x00007FF72FFE1000-memory.dmp	upx

C:\Windows\System\vWoyaZz.exe
C:\Windows\System\vWoyaZz.exe
1⤵
PID:3804

C:\Windows\System\FyfElle.exe
C:\Windows\System\FyfElle.exe
1⤵
PID:4416

C:\Windows\System\aqPYHvQ.exe
C:\Windows\System\aqPYHvQ.exe
1⤵
PID:388

C:\Windows\System\vaFPwPQ.exe
C:\Windows\System\vaFPwPQ.exe
1⤵
PID:1140

C:\Windows\System\qnglKIM.exe
C:\Windows\System\qnglKIM.exe
1⤵
PID:2320

C:\Windows\System\tEcTrWu.exe
C:\Windows\System\tEcTrWu.exe
1⤵
PID:4612

C:\Windows\System\QrFsDJC.exe
C:\Windows\System\QrFsDJC.exe
1⤵
PID:1436

C:\Windows\System\tltJWcI.exe
C:\Windows\System\tltJWcI.exe
1⤵
PID:3616

C:\Windows\System\TBnnEpp.exe
C:\Windows\System\TBnnEpp.exe
1⤵
PID:2456

C:\Windows\System\yuFoOYK.exe
C:\Windows\System\yuFoOYK.exe
1⤵
PID:4684

C:\Windows\System\VkYcSmP.exe
C:\Windows\System\VkYcSmP.exe
1⤵
PID:1120

C:\Windows\System\JqZdyKW.exe
C:\Windows\System\JqZdyKW.exe
1⤵
PID:2752

C:\Windows\System\cZLqxXK.exe
C:\Windows\System\cZLqxXK.exe
1⤵
PID:2992

C:\Windows\System\KCmwGax.exe
C:\Windows\System\KCmwGax.exe
1⤵
PID:4680

C:\Windows\System\EtDndNv.exe
C:\Windows\System\EtDndNv.exe
1⤵
PID:5148

C:\Windows\System\oZBZNEt.exe
C:\Windows\System\oZBZNEt.exe
1⤵
PID:5312

C:\Windows\System\kNIdBIN.exe
C:\Windows\System\kNIdBIN.exe
1⤵
PID:5424

C:\Windows\System\SWAkiOQ.exe
C:\Windows\System\SWAkiOQ.exe
1⤵
PID:5532

C:\Windows\System\SqIDcNG.exe
C:\Windows\System\SqIDcNG.exe
1⤵
PID:5732

C:\Windows\System\SqGYFrh.exe
C:\Windows\System\SqGYFrh.exe
1⤵
PID:5868

C:\Windows\System\NjnnJAb.exe
C:\Windows\System\NjnnJAb.exe
1⤵
PID:5984

C:\Windows\System\ZmdlNAR.exe
C:\Windows\System\ZmdlNAR.exe
1⤵
PID:6096

C:\Windows\System\EomRobQ.exe
C:\Windows\System\EomRobQ.exe
1⤵
PID:4720

C:\Windows\System\wQCBwcV.exe
C:\Windows\System\wQCBwcV.exe
1⤵
PID:5168

C:\Windows\System\imkimFT.exe
C:\Windows\System\imkimFT.exe
1⤵
PID:5296

C:\Windows\System\iCCsDGU.exe
C:\Windows\System\iCCsDGU.exe
1⤵
PID:5548

C:\Windows\System\pSEkDbk.exe
C:\Windows\System\pSEkDbk.exe
1⤵
PID:5772

C:\Windows\System\aeLslqT.exe
C:\Windows\System\aeLslqT.exe
1⤵
PID:5968

C:\Windows\System\YxfThrT.exe
C:\Windows\System\YxfThrT.exe
1⤵
PID:6116

C:\Windows\System\egAJpuM.exe
C:\Windows\System\egAJpuM.exe
1⤵
PID:5136

C:\Windows\System\pOhDdID.exe
C:\Windows\System\pOhDdID.exe
1⤵
PID:5468

C:\Windows\System\sRLxZZX.exe
C:\Windows\System\sRLxZZX.exe
1⤵
PID:2408

C:\Windows\System\MkcHvPE.exe
C:\Windows\System\MkcHvPE.exe
1⤵
PID:5828

C:\Windows\System\fqkttDU.exe
C:\Windows\System\fqkttDU.exe
1⤵
PID:6108

C:\Windows\System\XUpCkIY.exe
C:\Windows\System\XUpCkIY.exe
1⤵
PID:4280

C:\Windows\System\LcZcKgF.exe
C:\Windows\System\LcZcKgF.exe
1⤵
PID:4508

C:\Windows\System\ndzRFRg.exe
C:\Windows\System\ndzRFRg.exe
1⤵
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AQmcMjI.exe

Filesize
1.1MB

MD5
fb72c56d21c4d19268b2da444cf1ee28

SHA1
713eccc7633aa408f25131815bfbd1cb4533e8b8

SHA256
ff8f04cf141206943bffe0d796236078eeb389544b426826b90f99b750ffc388

SHA512
13f3263713e9f42c0d8309f88969c2d5f8885ce74ea1a5aa55c8831d55a2751ef2ec9f302220235e491ffa38cfa154f42ec7f542b930132d5a74b0208836258b

Download Submit
C:\Windows\System\NJTAvks.exe

Filesize
1.3MB

MD5
1c17ae06f09a10a2e849e9a90a3a76dc

SHA1
d5ff1759b18c42678db9ecd2781dba3a0eaf1278

SHA256
18a1c783c7eae04a605641ef56f2a20fe731b17e8a239bcb21f2c3d671acb820

SHA512
7e4d765d9fd072a476f5be04b68dc00b9964634fb66b8408fedce7da8707a1123737f06c58793cb13401ef56b0a507af30faa65521442374015f7838e0bcf757

Download Submit
C:\Windows\System\NdHgJhe.exe

Filesize
1.4MB

MD5
21a4f56909de83a296838b57863cdda8

SHA1
50aa806c96a70ca6aeae020d0787e3514e22b62e

SHA256
b5b890e2c371e104dced648949acfc12be86630b1c096145a1e58b042c017564

SHA512
8719bd175189d87e0aeec6973c58accaccf7be5b82eadaf7caf77272a8fd5ee7c1c701481eb2637c7c00a955fdbdaa5b06efcd6bf49baa15e406de2d7cdb8214

Download Submit
C:\Windows\System\OXZXfbz.exe

Filesize
1.2MB

MD5
2b5144f106f6db599f19d3788658f61c

SHA1
aa0819270eb9b14288ceca14cfcbb50f8130224a

SHA256
1692f963557d116bcd923b9f5a145c9426c90f9351db1c25a6207a07003d478b

SHA512
6c380afe8d83872c9c0f7c02c47c0ed85a26d578eee09387d7665ed86e69412261f3b73e3252e752faad0bca30c7af2e21be801d5b502e8f6d24bf3182de71e1

Download Submit
C:\Windows\System\VEdIxwD.exe

Filesize
1.4MB

MD5
27cb29ac193c9346b02dd7610b2a52fc

SHA1
5b1d15cfcbf72fe7e7b1116e645ce8cf092db15e

SHA256
b5b15a0fd0d499b5261054450e060d213a51814c86ac21baac0450ed8145c970

SHA512
67ce050034c16b9e7608904fa524e82fce8653eef3d84d40a44a6344a66b74e91889043813a0165ed3dd0de11122b7f3f91fc1b578183f77c41beb8595cbfa27

Download Submit
C:\Windows\System\aqPYHvQ.exe

Filesize
1.3MB

MD5
cfa975de73bc859822c483611d6791e8

SHA1
620e6fea41b4c1b38039fcb7ce287248b9775ea2

SHA256
907605178f05b2db99a5f979c76d65efd9eacc4b38f437e7809e1e0d06147212

SHA512
d441a7908ce6f851a2df7056b5b3156682c80607e2dd3727a2ac6e56359740bf34c303262c3c459c9273eabb1880cee2927553434102e447a959332d069b74fb

Download Submit
C:\Windows\System\eJwdQSp.exe

Filesize
1.1MB

MD5
e01f8fbc1ebcab397e2e671765e85f86

SHA1
1733c8f0e8380317e97de59d2bcee5d71ec57988

SHA256
794117d3cfbd0418b5f89c778635a51d1c81019f37baf7f341d5141bc00a5eb3

SHA512
d576102b64f98473aa1d0ba52103dfa4c624285de8d9ce52f6b1c60a5e7a87f106cce6e4e4beaf40f0232c4d53238adf6c677ee854f365b767f0c35fc7ed0482

Download Submit
C:\Windows\System\eJwdQSp.exe

Filesize
1.3MB

MD5
4a0dc2133d887f67cce9ab593a842ca1

SHA1
ddb3ac7eb84182450ab5bb9bd1a14e015d70021b

SHA256
ee97739930fd6b5c311d612444c8992a1af7c097544f9a493bcfeb6add8b2527

SHA512
d9356d3e0f4c732abdd4a5e306a618b5e3f75e0a31c825ad6ce9ac7ddadd2bfcbdac122fe83adefba0b6c6dd01f94c89880acb213ab9fae6e2897e9f0ce4322c

Download Submit
C:\Windows\System\hYZrSJg.exe

Filesize
1.6MB

MD5
0ca3ef48c59743b6626d4949c8168938

SHA1
34248b68afc584616f206d03bf86fa11e946b7a8

SHA256
1698e280a0441fb70e1d9c556884b3583495eac4d9f24180b3be3776cd8d7cbc

SHA512
82cc6518a031703a2d565a46c2142fdda66804cde38dce98bbdcb8abfd2c1d379a570c0fe2107df76341dc77a2cad1d1d7f91c965d4a1d2e21d59b54ead23ff0

Download Submit
C:\Windows\System\qnglKIM.exe

Filesize
1.5MB

MD5
71f76d38588ba4575728c355e323ba8e

SHA1
6576275ffdbd2af32713a173c264ce9b68f7e371

SHA256
3b9d3cad8e0daa864cbe3e3ca2f766002db50bb144dfb5ec8c0110d85b274884

SHA512
9cd635e5ab7e613f771b4728c61cd28c8f55162f007b6f77c5cb91a1c9b1cd8f4004d01c4e178bed027310b8cd0ad2d98f2b08bf1aed9a3a99bb820c5505aab5

Download Submit
C:\Windows\System\qnglKIM.exe

Filesize
1.6MB

MD5
a62fc7d1b77c27341438269a39301f54

SHA1
030e90d9e865f7c1c89d1e899af750d25b0a755d

SHA256
52fa7af2d73d8b28625a5df973dea3887ce0968b7960ae12f0f442a58dee22dd

SHA512
2589686b9cda8fbbd76164fbe1c3c1e68c5e4d8282f7d807258c76a2ad09afad2396614da41f46ad23933a4dccf7158bbf09fb92cf8efc80ec60c734c64fc5fd

Download Submit
C:\Windows\System\vaFPwPQ.exe

Filesize
1.1MB

MD5
f47c841ef1e20c556a0eeb9fb4e4fc03

SHA1
b6d446a1224ba9bf89ca6b5d84620e3f21963a09

SHA256
22eed48a50865e317daab09d98f414b349fb2bd2d30ff8c7163380e8e42c6982

SHA512
44cb73e28b124eb48ca62258fc68697be7dd879b0f6a6f7cdc5e3e53d2e71f52632efb24fb665c8966276a8ef81dfcffdc3dd1b58137657e2466ea096ed7ef72

Download Submit
memory/388-58-0x00007FF6939E0000-0x00007FF693D31000-memory.dmp

Filesize
3.3MB

Download
memory/1944-539-0x00007FF72FC90000-0x00007FF72FFE1000-memory.dmp

Filesize
3.3MB

Download
memory/2340-537-0x00007FF6C5B80000-0x00007FF6C5ED1000-memory.dmp

Filesize
3.3MB

Download
memory/3204-532-0x00007FF6F52B0000-0x00007FF6F5601000-memory.dmp

Filesize
3.3MB

Download
memory/3316-535-0x00007FF7F85C0000-0x00007FF7F8911000-memory.dmp

Filesize
3.3MB

Download
memory/3592-528-0x00007FF72A1F0000-0x00007FF72A541000-memory.dmp

Filesize
3.3MB

Download
memory/4296-0-0x00007FF6A8DE0000-0x00007FF6A9131000-memory.dmp

Filesize
3.3MB

Download
memory/4296-1-0x00000202A7300000-0x00000202A7310000-memory.dmp

Filesize
64KB

Download
memory/5084-531-0x00007FF758FF0000-0x00007FF759341000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads