xmrig | ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ca49cfed48...84.exe

windows7-x64

ca49cfed48...84.exe

windows10-2004-x64

Sharing

General

Target

ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784
Size

1.9MB
Sample

240416-cgdx6age7x
MD5

665d0a7ef665c81b50738bab1ce856c8
SHA1

d45f26d56f6eeeca8a559c30400e4f5e270c64c7
SHA256

ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784
SHA512

09e3f684e6e34abcfe950cb8b7c10aca362df4698f6cff5abfe4892cbfdb5a39ffb710a3e1d536b892c24d9c9b329007c0b09966ef898a7d1f2cae0ad62de669
SSDEEP

24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcqkeBWF3WAv4op8MDu7Edr2gKFkKLE4QcH:knw9oUUEEDl37jcqMHdooeqGwUHSW

Score

10^/10

xmrig miner upx

Static task

static1

upx miner xmrig

5 signatures

Behavioral task

behavioral1

Sample

ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784.exe

Resource

win7-20240221-en

xmrig miner upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784.exe

Resource

win10v2004-20240412-en

xmrig miner upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784
- Size
  
  1.9MB
- MD5
  
  665d0a7ef665c81b50738bab1ce856c8
- SHA1
  
  d45f26d56f6eeeca8a559c30400e4f5e270c64c7
- SHA256
  
  ca49cfed48f22de049b6d6065738ca1bb349a824baeccd6def2b843bce72c784
- SHA512
  
  09e3f684e6e34abcfe950cb8b7c10aca362df4698f6cff5abfe4892cbfdb5a39ffb710a3e1d536b892c24d9c9b329007c0b09966ef898a7d1f2cae0ad62de669
- SSDEEP
  
  24576:JanwhSe11QSONCpGJCjETPlWXWZ5PbcqkeBWF3WAv4op8MDu7Edr2gKFkKLE4QcH:knw9oUUEEDl37jcqMHdooeqGwUHSW
Score

10^/10

xmrig miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy