xmrig | 1eb70604b0de10415f6305e9ae671f40913f7ba56d35bc0198264fb76011d3b0

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 13:51

Target

28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe
Size

784KB
MD5

28622fa3efaa0c1e6cce38715ec6072f
SHA1

1b7ebd4f451ae7992d4404487a1c1d360e4611fb
SHA256

1eb70604b0de10415f6305e9ae671f40913f7ba56d35bc0198264fb76011d3b0
SHA512

aa0084f32a87761ca4a4a029ecffff8ed55c83076df8cc19ad5d62e37520e6c4b94770099f7a2763a5113e625fb8de3e6eb744402bfcfc556dff155cd71b236b
SSDEEP

24576:p4ma3wfkv8cefLokRBYQfeLbTJGsswre:fckLBYfLHJGsXe

Score

10^/10

xmrig miner upx

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 6 IoCs

miner

resource	yara_rule
behavioral2/memory/3108-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/3108-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4244-15-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/4244-20-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/4244-29-0x0000000005370000-0x0000000005503000-memory.dmp	xmrig
behavioral2/memory/4244-30-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
4244	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4244	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3108-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000a000000023462-11.dat	upx
behavioral2/memory/4244-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3108	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3108	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe
4244	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4244	3108	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe	84
PID 3108 wrote to memory of 4244	3108	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe	84
PID 3108 wrote to memory of 4244	3108	28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\28622fa3efaa0c1e6cce38715ec6072f_JaffaCakes118.exe

Filesize
784KB

MD5
6b0d693e772df8bdb2711f75ed366d64

SHA1
4140e64d7cbe3515508dc464b64f7516377e60d6

SHA256
fcfac18d7a9cb2b81b45d8d7e4a802a00be46e64430741695a58a50788712eb7

SHA512
e9d43838e648af28b62c59568f2fa774456e171c0cd0c5449343c41fea07936a9f7d9151701229f7d97dee42e1ac49979d7e28c595162ecd0da55090412fdb2b

Download Submit
memory/3108-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/3108-1-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/3108-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/3108-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4244-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/4244-15-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/4244-16-0x0000000001980000-0x0000000001A44000-memory.dmp

Filesize
784KB

Download
memory/4244-20-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/4244-29-0x0000000005370000-0x0000000005503000-memory.dmp

Filesize
1.6MB

Download
memory/4244-30-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download