xmrig | b213cb29767592baa1dc0c42b43fecb8c84f273b32c1798365034a354511af32

Analysis

max time kernel
141s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 01:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe
Size

784KB
MD5

06fbb3a0b31f3f1073d2a40b1931447f
SHA1

dff614a21c0a6a3d08d57c1de6f339c6fff4bd39
SHA256

b213cb29767592baa1dc0c42b43fecb8c84f273b32c1798365034a354511af32
SHA512

9af1ffbb93be2cf41803dae1767b65e77c95004638c13be82fd5c92845a26b4a0b6377be7525fbed60a90221d0564f0f41d3a530810c7517d776e3641335d51e
SSDEEP

24576:aI+ca9Unqb19IXp6Z+dnlYpBHCxhB8l4:aPw49IHnCpIz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 5 IoCs

miner

resource	yara_rule
behavioral2/memory/4596-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4596-13-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/980-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/980-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/980-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
980	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
980	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4596-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x0008000000023244-12.dat	upx
behavioral2/memory/980-14-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4596	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4596	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe
980	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 980	4596	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe	92
PID 4596 wrote to memory of 980	4596	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe	92
PID 4596 wrote to memory of 980	4596	06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe	92

C:\Users\Admin\AppData\Local\Temp\06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Users\Admin\AppData\Local\Temp\06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3928 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\06fbb3a0b31f3f1073d2a40b1931447f_JaffaCakes118.exe

Filesize
784KB

MD5
68a87dcb5312bee745bc90e3abee905c

SHA1
9a5deb2c3569362b4aca94ac83c0a233db847504

SHA256
53c52ad71cccb8187b61863265bad763009327b529a049f947b85173e10ef3cd

SHA512
879fb7619e83de79d42567610f3c2c4bd680fbeb47c51245ab7e8e9741e64473ad8a2a549c31b2602ee142decc4ea8fd51e72f16c2765a549701335a49629ace

Download Submit
memory/980-14-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/980-20-0x00007FFFC4C70000-0x00007FFFC4E65000-memory.dmp

Filesize
2.0MB

Download
memory/980-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/980-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/980-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4596-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4596-1-0x00007FFFC4C70000-0x00007FFFC4E65000-memory.dmp

Filesize
2.0MB

Download
memory/4596-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4596-13-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download