xmrig | 92c2d9af23d31859daf1f8458ebcc787e967a46bc9a6fe8a59ae2380795d12b4

Analysis

max time kernel
94s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

467817744a228f603d0aede6b7450444_JaffaCakes118.exe
Size

784KB
MD5

467817744a228f603d0aede6b7450444
SHA1

c3d34462529899d4a7327f91bece5f30f5b4d2e6
SHA256

92c2d9af23d31859daf1f8458ebcc787e967a46bc9a6fe8a59ae2380795d12b4
SHA512

0029a11693531bef87dc317e47a0107f17bde4881c228a91138f414bf6e364231b0ce7d79558a9260339c17ee5943de4fbb89511455e62ee186b911329b561a0
SSDEEP

24576:WPCtBZtEH9wvbV83SGTc38i4OIcQpI/Qwuut:WPWBZtYOz23SGTejIcQp

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral2/memory/2028-2-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2028-12-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2168-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral2/memory/2168-20-0x0000000005300000-0x0000000005493000-memory.dmp	xmrig
behavioral2/memory/2168-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral2/memory/2168-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig
behavioral2/memory/2168-31-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2168	467817744a228f603d0aede6b7450444_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	467817744a228f603d0aede6b7450444_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2028-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral2/files/0x000900000002349c-11.dat	upx
behavioral2/memory/2168-13-0x0000000000400000-0x0000000000712000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2028	467817744a228f603d0aede6b7450444_JaffaCakes118.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2028	467817744a228f603d0aede6b7450444_JaffaCakes118.exe
2168	467817744a228f603d0aede6b7450444_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2168	2028	467817744a228f603d0aede6b7450444_JaffaCakes118.exe	86
PID 2028 wrote to memory of 2168	2028	467817744a228f603d0aede6b7450444_JaffaCakes118.exe	86
PID 2028 wrote to memory of 2168	2028	467817744a228f603d0aede6b7450444_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\467817744a228f603d0aede6b7450444_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\467817744a228f603d0aede6b7450444_JaffaCakes118.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\467817744a228f603d0aede6b7450444_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\467817744a228f603d0aede6b7450444_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\467817744a228f603d0aede6b7450444_JaffaCakes118.exe

Filesize
784KB

MD5
c511923d3f4706125db94896658058fc

SHA1
d59110029579124ac13938bf0523a6a29873a177

SHA256
5a0e1d2cea23c0348aa601c52ae258408f339362b054df4735118af4c3b75295

SHA512
63b447737302498ac0f0d96a13a50ae9b7bbf80c27876c4e0a8bbbfb482bd5a7161d24a5f106464cd88630d511be6a781b305e3f426e1c9a1e70ce0ebe06ad25

Download Submit
memory/2028-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2028-1-0x0000000001AB0000-0x0000000001B74000-memory.dmp

Filesize
784KB

Download
memory/2028-2-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2028-12-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2168-13-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2168-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2168-20-0x0000000005300000-0x0000000005493000-memory.dmp

Filesize
1.6MB

Download
memory/2168-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2168-19-0x0000000001A90000-0x0000000001B54000-memory.dmp

Filesize
784KB

Download
memory/2168-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download
memory/2168-31-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download