Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

78ecee4dc4...63.exe

windows7-x64

10

78ecee4dc4...63.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78ecee4dc4157d64a3abb64c57a08b63.exe

  • Size

    784KB

  • MD5

    78ecee4dc4157d64a3abb64c57a08b63

  • SHA1

    9a39c2f03fa4076d8a51ef0f2434c536551d56b9

  • SHA256

    5e286da2f213145ceaab951c1d3b69791d7aa1f07e5be7ffde278835cc38144e

  • SHA512

    c624fe40a2a1ba676d6a784327aa83588fc5d5cc0c8a140ff0bcffb4774ee62452b281e8fc8cc74fecb3127c98caa29ec18ba707a486466654cfec88b5bb1eda

  • SSDEEP

    12288:CHO6t6Ii/AVl6hj/Pjvu7yyoGvfBR8rGfZZDESjeYFc8++60eG6yQKimdFFwkE:2iFzyoGvJRsGf7DDd+VrVADbwkE

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78ecee4dc4157d64a3abb64c57a08b63.exe
    "C:\Users\Admin\AppData\Local\Temp\78ecee4dc4157d64a3abb64c57a08b63.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Users\Admin\AppData\Local\Temp\78ecee4dc4157d64a3abb64c57a08b63.exe
      C:\Users\Admin\AppData\Local\Temp\78ecee4dc4157d64a3abb64c57a08b63.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\78ecee4dc4157d64a3abb64c57a08b63.exe
    Filesize

    173KB

    MD5

    04348ad6f9c93d942e82173abf293781

    SHA1

    a5ab8aa0c702476e7a55ab21f9d6f75148c734aa

    SHA256

    02ffc441b884034fc44fa72fe276a4f9e871ec0186812f66be612d84b898c269

    SHA512

    0ac1462ee6b572a34a7f60c26e920cb2c1a7cbf8d9af9cdb8d7d1036c9cc4609932e3e6e9f7050e9f864dbbac1c2530cf8ccd74f4859ec95477b84cbed096787

    Download Submit

  • memory/3224-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3224-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3224-15-0x0000000001A60000-0x0000000001B24000-memory.dmp

    Filesize

    784KB

    Download

  • memory/3224-21-0x0000000005450000-0x00000000055E3000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3224-30-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3224-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3744-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3744-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3744-1-0x00000000019C0000-0x0000000001A84000-memory.dmp

    Filesize

    784KB

    Download

  • memory/3744-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download