xmrig | 8b71d8c3378ffe85ac7a94d750a645c76f23804ce460a2357c47ca1e2e80fe59 | Triage

Submit
Reports

Overview

overview

Static

static

1

7687dc9e1f...5c.exe

windows7-x64

7687dc9e1f...5c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c.zip
Size

3.5MB
Sample

230311-pt98cahe75
MD5

b0bd99e815e97f1f630bc2d676a292a4
SHA1

ea1bb2c42751e47b0d0450152f1deca086478f2a
SHA256

8b71d8c3378ffe85ac7a94d750a645c76f23804ce460a2357c47ca1e2e80fe59
SHA512

39bc31743c2875b646595cdee5281959acec98dd199a736975e9b6cd9c0167fb8ce61d567b938da1d407f6d17a7bfa006458ce276393e6dc9c3479686f4da1cc
SSDEEP

49152:UYBnHid+ZhHAx0d7YS0iS3INajR2WXQk8mXPYNUou4cyWBpmcijjsUGJQ:UYFHiDxgfS3KajR3Xz8mXwNHYnmzP

Score

10^/10

xmrig evasion miner upx

Static task

static1

Behavioral task

behavioral1

Sample

7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c.exe

Resource

win7-20230220-en

xmrig evasion miner upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c.exe

Resource

win10v2004-20230220-en

xmrig evasion miner upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c.exe
- Size
  
  3.6MB
- MD5
  
  e5714adf276ab96cff90d3778ba51b7e
- SHA1
  
  5627bdf380aafe2b131c70e5c857739101a6fac3
- SHA256
  
  7687dc9e1f582c340a6ce1ffdc1db7b273608e635177f53b65f3cde51f7cf65c
- SHA512
  
  4dfd0f0e21c8a1865d6acaac6d66761a5b5c31a2fa0ca8960ad498a81930ff31579a56ee4e666b59b31f117e5d078305a1dd50d0a75cdc2a04733364425753c2
- SSDEEP
  
  98304:ee4H3qxuFh/zHgR7vjnOy3cQ0/r0UoEpQg9Kdaud4F:+vbg5Oy6/r0Uhd9Kdpd4F
Score

10^/10

xmrig evasion miner upx
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionminerupx

behavioral2

xmrigevasionminerupx

© 2018-2025

Terms | Privacy