Overview

overview

10

Static

static

5

c18ea8bd83...78.exe

windows7-x64

10

c18ea8bd83...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe

  • Size

    2.0MB

  • MD5

    932daa7da28f9391121b242f19872a3c

  • SHA1

    b3aa895a279ecfa818ddcadbafa7ca06b38310fe

  • SHA256

    c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278

  • SHA512

    3f7a11d75c9bc89ad6c271566e10d574059f5a3ee7f2665d8e89e733c05ba45f3fab27e2ca8e3a20a02cd45cc76a7c2302d8a44b242b070779ccf3a575dcc57a

  • SSDEEP

    49152:unER8XfHaTheribOUfUhWhKtdOppFjwWZwqPh/KKlUm3eeq:UbMe2bbfUhWh+dOppFgqPhC0q

Score
10/10
xmrigdiscoveryminerupx

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 7 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe
    "C:\Users\Admin\AppData\Local\Temp\c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe
      C:\Users\Admin\AppData\Local\Temp\c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c18ea8bd83209dfae2c7ec945031e6a001f4eeb5387d039bed18e7df8eb06278.exe
    Filesize

    2.0MB

    MD5

    e624541e82865f653e36bc322892d9cc

    SHA1

    d79e678a27b790f0fa6af41956c6e298e0889aae

    SHA256

    a54993c16783f6732bab47d62bea956bc7655bf92773489618a2653e4c6f46bf

    SHA512

    a3f72453719a188553dde5ef906ca6ae0a6bd2bf576c176f2d3419f3f7c3bb9ba069d7fd5093d1a3e3971fb629e3c8cb28cb4e72b3bc1a863a8368ae02106edc

    Download Submit

  • memory/1972-0-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/1972-1-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1972-10-0x0000000021D30000-0x0000000021ECE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1972-15-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2552-40-0x0000000000400000-0x000000000057C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2552-41-0x0000000023910000-0x0000000023A92000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2552-39-0x0000000021C20000-0x0000000021DBE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2552-38-0x00000000235F0000-0x0000000023783000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2552-29-0x0000000000400000-0x000000000057C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2552-28-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/2552-23-0x0000000000400000-0x0000000000582000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2552-42-0x0000000023910000-0x0000000023A92000-memory.dmp

    Filesize

    1.5MB

    Download