xmrig | 400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

400b0ece07...64.exe

windows7-x64

400b0ece07...64.exe

windows10-2004-x64

Sharing

General

Target

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864
Size

1.4MB
Sample

240307-x1v11abg42
MD5

b6db27452a77246b009fcb2cfc210082
SHA1

894b29baf05597d2af3a584931399adfebf42cb7
SHA256

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864
SHA512

f30468798f52f9b7f1e96b326727cc2ef9c329ffe4351ef569699e6373c3334fd0cedbe4bf9f56ce28b0c7f7624866d8f349130bb7f1a6a601768077851ade56
SSDEEP

24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQgIT0rKiClUJxX7QcSbmZ1Y:ROdWCCi7/raZ5aIwC+Ax4ErWThiCmRbe

Score

10^/10

xmrig miner upx

Static task

static1

upx miner xmrig

5 signatures

Behavioral task

behavioral1

Sample

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe

Resource

win7-20240221-en

xmrig miner upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864.exe

Resource

win10v2004-20240226-en

xmrig miner upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864
- Size
  
  1.4MB
- MD5
  
  b6db27452a77246b009fcb2cfc210082
- SHA1
  
  894b29baf05597d2af3a584931399adfebf42cb7
- SHA256
  
  400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864
- SHA512
  
  f30468798f52f9b7f1e96b326727cc2ef9c329ffe4351ef569699e6373c3334fd0cedbe4bf9f56ce28b0c7f7624866d8f349130bb7f1a6a601768077851ade56
- SSDEEP
  
  24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQgIT0rKiClUJxX7QcSbmZ1Y:ROdWCCi7/raZ5aIwC+Ax4ErWThiCmRbe
Score

10^/10

xmrig miner upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy