xmrig | c12731c930aa2fc0c8759df733894d94507e368eed0b9424801b3e709bbfc880

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ad852eebdaaaca8f887b5d0536b40a0N.exe
Size

784KB
MD5

5ad852eebdaaaca8f887b5d0536b40a0
SHA1

0dad3103d036fa8459956061279e948528a26ae7
SHA256

c12731c930aa2fc0c8759df733894d94507e368eed0b9424801b3e709bbfc880
SHA512

dafe72ed11b9eef6446feb94665984a39fbaf08b0db4106cd38f54736220f828167edf9cc8451fc6a1d13dcb2733b0b7e1bb1079e0c3417511bbbcf09648f78c
SSDEEP

24576:gFnfE1bTS8bgiyDGZUWORET8CAewlSrVT:gFnfE1Xbgi9DOlnlyT

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

resource	yara_rule
behavioral1/memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2064-16-0x0000000000400000-0x0000000000593000-memory.dmp	xmrig
behavioral1/memory/2064-33-0x0000000000400000-0x0000000000712000-memory.dmp	xmrig
behavioral1/memory/2064-32-0x0000000003140000-0x00000000032D3000-memory.dmp	xmrig
behavioral1/memory/2064-21-0x0000000000400000-0x0000000000587000-memory.dmp	xmrig
behavioral1/memory/2064-30-0x00000000005A0000-0x000000000071F000-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
2064	5ad852eebdaaaca8f887b5d0536b40a0N.exe

Executes dropped EXE 1 IoCs

pid	Process
2064	5ad852eebdaaaca8f887b5d0536b40a0N.exe

Loads dropped DLL 1 IoCs

pid	Process
1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp	upx
behavioral1/files/0x0009000000012286-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe
2064	5ad852eebdaaaca8f887b5d0536b40a0N.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2064	1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe	29
PID 1636 wrote to memory of 2064	1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe	29
PID 1636 wrote to memory of 2064	1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe	29
PID 1636 wrote to memory of 2064	1636	5ad852eebdaaaca8f887b5d0536b40a0N.exe	29

C:\Users\Admin\AppData\Local\Temp\5ad852eebdaaaca8f887b5d0536b40a0N.exe
"C:\Users\Admin\AppData\Local\Temp\5ad852eebdaaaca8f887b5d0536b40a0N.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\5ad852eebdaaaca8f887b5d0536b40a0N.exe
  C:\Users\Admin\AppData\Local\Temp\5ad852eebdaaaca8f887b5d0536b40a0N.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\5ad852eebdaaaca8f887b5d0536b40a0N.exe

Filesize
784KB

MD5
8dc67dc5f7f59a2dcdb42812000c5b69

SHA1
26f8a815e6eb3527dfeef950997a9fc7837d2627

SHA256
602899b139e1b47d026eba289b8bc02a7d97a6d528c2fd782d6e92f9bfe73d5f

SHA512
b1d9b405dd620a13babfc5edea61893a0d907de48fa05c92dee7bbc9f0e9e306f97738dd44d3e40033f3782b2934ec96e228a47c99bade080547f2204eae9d09

Download Submit
memory/1636-0-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/1636-14-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-1-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1636-9-0x0000000001720000-0x00000000017E4000-memory.dmp

Filesize
784KB

Download
memory/2064-16-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/2064-31-0x0000000000120000-0x00000000001E4000-memory.dmp

Filesize
784KB

Download
memory/2064-33-0x0000000000400000-0x0000000000712000-memory.dmp

Filesize
3.1MB

Download
memory/2064-32-0x0000000003140000-0x00000000032D3000-memory.dmp

Filesize
1.6MB

Download
memory/2064-21-0x0000000000400000-0x0000000000587000-memory.dmp

Filesize
1.5MB

Download
memory/2064-30-0x00000000005A0000-0x000000000071F000-memory.dmp

Filesize
1.5MB

Download