Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

c6a9a50cd8...c8.exe

windows7-x64

10

c6a9a50cd8...c8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6a9a50cd834e9c44aee30cafaabbdc8.exe

  • Size

    784KB

  • MD5

    c6a9a50cd834e9c44aee30cafaabbdc8

  • SHA1

    3fe490e6aa55e65d4ad79b50a1df740fd2bf1e26

  • SHA256

    9cb86dc9d1e9b019372c24a5584e0beae34a0eada2391c2a14b2d7f4bc3d378b

  • SHA512

    c39a653aa6c87c1904facca5be04db9097dda0b34bc6a76f8c5a2def7b1893cd8053a802d77a63438d7eed5e2e8ec542019d652fe872bb5a8af3b6f96896fdd8

  • SSDEEP

    24576:pe+8J7mq/IH2FtJKCIqAwbf5UdbdpnHx4M:pcAH2FqHw75unHm

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6a9a50cd834e9c44aee30cafaabbdc8.exe
    "C:\Users\Admin\AppData\Local\Temp\c6a9a50cd834e9c44aee30cafaabbdc8.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Local\Temp\c6a9a50cd834e9c44aee30cafaabbdc8.exe
      C:\Users\Admin\AppData\Local\Temp\c6a9a50cd834e9c44aee30cafaabbdc8.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c6a9a50cd834e9c44aee30cafaabbdc8.exe
    Filesize

    784KB

    MD5

    4f1e8ab6aa2f4d43dc2f63ce01c0c088

    SHA1

    11444d18ad7ed4f64e3f2a07d4271fc5d636e919

    SHA256

    ccad30b3323ec65486f6d6f1e6f23e34fcf9d1e83bb0206a81ced19de7084155

    SHA512

    663b3de19bd23612c7e0fe9e472006419baa8c792bcabef8c1dffb86b12435f088ca2ea779d8571dd1aae398d6da013953ae4d7525b343404139f32fae27b46e

    Download Submit

  • memory/4212-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4212-1-0x0000000001720000-0x00000000017E4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/4212-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4212-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5048-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/5048-15-0x00000000019E0000-0x0000000001AA4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/5048-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5048-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/5048-21-0x00000000053D0000-0x0000000005563000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/5048-31-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download