xmrig | 75102a44a168c0487867998b34125ca5580ee2520cea2948fe1b3e247fd5a872

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe
Size

784KB
MD5

28cc4e524ce6adf76b96431399e14543
SHA1

8d42e5baf24bb673d1c1098b299f1b67256776f3
SHA256

75102a44a168c0487867998b34125ca5580ee2520cea2948fe1b3e247fd5a872
SHA512

8ddbed88c1fe4e8a1bbb00b23db47cfecdb41fa00dd123625fb6e21a47e9fa40099c960896b70cd6c61e76c3f165c19148476e934229f6abfcc13256e39f7f3d
SSDEEP

24576:iAhDGzr6meggYGioaXiandKAtifIqkceGSdB0/8Y+:ixzW7ggqJXiad3ifIikdWEY+

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/2232-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2232-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2524-17-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2524-33-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral1/memory/2524-34-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2524-30-0x0000000002FD0000-0x0000000003163000-memory.dmp	xmrig
behavioral1/memory/2524-23-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2524	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2524	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0008000000012119-10.dat	upx
behavioral1/memory/2232-15-0x0000000003250000-0x0000000003562000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe
2524	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2524	2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe	29
PID 2232 wrote to memory of 2524	2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe	29
PID 2232 wrote to memory of 2524	2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe	29
PID 2232 wrote to memory of 2524	2232	28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\28cc4e524ce6adf76b96431399e14543_JaffaCakes118.exe

Filesize
784KB

MD5
ab22e70ba8c100418efb24aeefbb9df0

SHA1
2f4065d3b0df937ec22f30a7058622c40ef3fb3a

SHA256
d5330b7b272aafe2913499adac22066a40504d7f8925131a1ec7bf922fcc4fe4

SHA512
44c4943e3d911a88ef6c0ad252ac70e3f92ab5393b37eebe18d17561ab78563a2daa7847c1512551197d3a33199b40533dab8575540dae462b2d641f1e1e33f9

Download Submit
memory/2232-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2232-6-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2232-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2232-15-0x0000000003250000-0x0000000003562000-memory.dmp

Filesize
3.1MB

Download
memory/2232-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2524-17-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2524-22-0x0000000000310000-0x00000000003D4000-memory.dmp

Filesize
784KB

Download
memory/2524-33-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2524-34-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2524-30-0x0000000002FD0000-0x0000000003163000-memory.dmp

Filesize
1.6MB

Download
memory/2524-23-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download