xmrig | 7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

e5714adf27...7e.exe

windows7-x64

e5714adf27...7e.exe

windows10-2004-x64

Sharing

General

Target

e5714adf276ab96cff90d3778ba51b7e.exe
Size

3.6MB
Sample

230310-pkgvfade95
MD5

e5714adf276ab96cff90d3778ba51b7e
SHA1

5627bdf380aafe2b131c70e5c857739101a6fac3
SHA256

7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c
SHA512

4dfd0f0e21c8a1865d6acaac6d66761a5b5c31a2fa0ca8960ad498a81930ff31579a56ee4e666b59b31f117e5d078305a1dd50d0a75cdc2a04733364425753c2
SSDEEP

98304:ee4H3qxuFh/zHgR7vjnOy3cQ0/r0UoEpQg9Kdaud4F:+vbg5Oy6/r0Uhd9Kdpd4F

Score

10^/10

xmrig evasion miner upx

Static task

static1

Behavioral task

behavioral1

Sample

e5714adf276ab96cff90d3778ba51b7e.exe

Resource

win7-20230220-en

xmrig evasion miner upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5714adf276ab96cff90d3778ba51b7e.exe

Resource

win10v2004-20230220-en

xmrig evasion miner upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  e5714adf276ab96cff90d3778ba51b7e.exe
- Size
  
  3.6MB
- MD5
  
  e5714adf276ab96cff90d3778ba51b7e
- SHA1
  
  5627bdf380aafe2b131c70e5c857739101a6fac3
- SHA256
  
  7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c
- SHA512
  
  4dfd0f0e21c8a1865d6acaac6d66761a5b5c31a2fa0ca8960ad498a81930ff31579a56ee4e666b59b31f117e5d078305a1dd50d0a75cdc2a04733364425753c2
- SSDEEP
  
  98304:ee4H3qxuFh/zHgR7vjnOy3cQ0/r0UoEpQg9Kdaud4F:+vbg5Oy6/r0Uhd9Kdpd4F
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerupx

behavioral2

xmrigevasionminerupx

© 2018-2025

Terms | Privacy