Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

xmrig-6.21...rt.cmd

windows10-2004-x64

10

xmrig-6.21...rt.cmd

windows7-x64

10

xmrig-6.21...rt.cmd

windows10-1703-x64

10

xmrig-6.21...rt.cmd

windows10-2004-x64

10

xmrig-6.21...rt.cmd

windows11-21h2-x64

10

Analysis

  • max time kernel
    1191s
  • max time network
    1191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 17:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xmrig-6.21.1/start.cmd

  • Size

    172B

  • MD5

    5ceb4ce3e065fbf229f1cf8f1c4479e6

  • SHA1

    f1b9ae7e6fdc78620951a0c24f0c37ace9d073b9

  • SHA256

    ba0e79502ee78b1187e55bf4ad19be80fa971db90a7f218d504d23cec7166342

  • SHA512

    ae2bdc313c5d07a572efdf61d3b2c15d452a4fe73ea78fd3a2e824b6d9ae939e576791228a2d891abe48396cb67f1002eb79ca6c4870f80cd95862ccaeb7b726

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 63 IoCs
    miner
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\start.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\xmrig.exe
      xmrig.exe -o gulf.moneroocean.stream:80 -u 46pyUVGiWpzLqjMsdWqFk7WEW4CcEukj9dyMXLN5KYExVNPMbDNpHc1bE7xpWcnQSjFFQYVZTXr7rNiNNrDCE5qYHTcqpcZ -a rx/0 -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2768

Network

  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    gulf.moneroocean.stream
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    gulf.moneroocean.stream
    IN A
    Response
    gulf.moneroocean.stream
    IN CNAME
    monerooceans.stream
    monerooceans.stream
    IN A
    149.102.143.109
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    109.143.102.149.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    109.143.102.149.in-addr.arpa
    IN PTR
    Response
    109.143.102.149.in-addr.arpa
    IN PTR
    vmi1690904 contaboservernet
  • flag-us
    DNS
    97.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.90.14.23.in-addr.arpa
    IN PTR
    Response
    97.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-97deploystaticakamaitechnologiescom
  • flag-us
    DNS
    21.114.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.114.53.23.in-addr.arpa
    IN PTR
    Response
    21.114.53.23.in-addr.arpa
    IN PTR
    a23-53-114-21deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    224.162.46.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    224.162.46.104.in-addr.arpa
    IN PTR
    Response
  • 149.102.143.109:80
    gulf.moneroocean.stream
    http
    xmrig.exe
    14.5kB
     16.6kB
     120
    90
  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    gulf.moneroocean.stream
    dns
    xmrig.exe
    69 B
     112 B
     1
    1

    DNS Request

    gulf.moneroocean.stream

    DNS Response

    149.102.143.109

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    109.143.102.149.in-addr.arpa
    dns
    74 B
     116 B
     1
    1

    DNS Request

    109.143.102.149.in-addr.arpa

  • 8.8.8.8:53
    97.90.14.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    97.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    21.114.53.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    21.114.53.23.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    224.162.46.104.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    224.162.46.104.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2768-0-0x000002217D180000-0x000002217D1A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2768-1-0x000002217E980000-0x000002217E9C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2768-2-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-3-0x000002217E9C0000-0x000002217E9E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2768-4-0x0000022211040000-0x0000022211060000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2768-5-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-6-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-7-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-8-0x000002217E9C0000-0x000002217E9E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2768-9-0x0000022211040000-0x0000022211060000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2768-10-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-11-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-12-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-13-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-14-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-15-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-16-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-17-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-18-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-19-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-20-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-21-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-22-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-23-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-24-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-25-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-26-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-27-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-28-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-29-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-30-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-31-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-32-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-33-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-34-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-35-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-36-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-37-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-38-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-39-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-40-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-41-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-42-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-43-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-44-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-45-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-46-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-47-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-48-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-49-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-50-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-51-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-52-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-53-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-54-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-55-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-56-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-57-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-58-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-59-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-60-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-61-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-62-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-63-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-64-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-65-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-66-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-67-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2768-68-0x00007FF734D00000-0x00007FF735804000-memory.dmp

    Filesize

    11.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.