xmrig | 53b37a734ab27bb40626c6434029defbebe8470f2d89b97e7ce85b40c9a3b05f | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/12/2024, 00:17

Sharing

Report Analysis Logs

General

Target

xmrig-6.22.2/benchmark_1M.cmd
Size

60B
MD5

cba1927cf6959dc99ecbd0c553e4db6f
SHA1

7f2d59cfdf2b0550d22ac54d0b1fa5ac8f8b5f57
SHA256

d7747e7a3c782009f4ceb6e9c106115876386853929563b509da5258e3968d15
SHA512

c78ab9b017153c497ef2d0f568ade265ae9b60238ebdb36d8ef7ecc4d232cd90fd5fdc5b600bb26437466c7300e571b95b4ff92a7f024a981a02196a14d6e3f1

Score

10^/10

xmrig miner

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 1 IoCs

resource	yara_rule
behavioral5/memory/2016-0-0x000000013FF50000-0x0000000140B84000-memory.dmp	xmrig

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2016	2568	cmd.exe	31
PID 2568 wrote to memory of 2016	2568	cmd.exe	31
PID 2568 wrote to memory of 2016	2568	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\benchmark_1M.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\xmrig-6.22.2\xmrig.exe
  xmrig.exe --bench=1M --submit
  2⤵
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-0-0x000000013FF50000-0x0000000140B84000-memory.dmp

Filesize
12.2MB

Download