Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

xmrig-6.21...rt.cmd

windows7-x64

10

xmrig-6.21...rt.cmd

windows7-x64

10

xmrig-6.21...rt.cmd

windows10-1703-x64

10

xmrig-6.21...rt.cmd

windows10-2004-x64

10

xmrig-6.21...rt.cmd

windows11-21h2-x64

10

Analysis

  • max time kernel
    1192s
  • max time network
    1145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 18:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xmrig-6.21.1/start.cmd

  • Size

    172B

  • MD5

    5ceb4ce3e065fbf229f1cf8f1c4479e6

  • SHA1

    f1b9ae7e6fdc78620951a0c24f0c37ace9d073b9

  • SHA256

    ba0e79502ee78b1187e55bf4ad19be80fa971db90a7f218d504d23cec7166342

  • SHA512

    ae2bdc313c5d07a572efdf61d3b2c15d452a4fe73ea78fd3a2e824b6d9ae939e576791228a2d891abe48396cb67f1002eb79ca6c4870f80cd95862ccaeb7b726

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 63 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\start.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.1\xmrig.exe
      xmrig.exe -o gulf.moneroocean.stream:80 -u 46pyUVGiWpzLqjMsdWqFk7WEW4CcEukj9dyMXLN5KYExVNPMbDNpHc1bE7xpWcnQSjFFQYVZTXr7rNiNNrDCE5qYHTcqpcZ -a rx/0 -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2980

Network

  • flag-us
    DNS
    gulf.moneroocean.stream
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    gulf.moneroocean.stream
    IN A
    Response
    gulf.moneroocean.stream
    IN CNAME
    monerooceans.stream
    monerooceans.stream
    IN A
    149.102.143.109
  • 149.102.143.109:80
    gulf.moneroocean.stream
    http
    xmrig.exe
    17.3kB
     17.4kB
     138
    100
  • 8.8.8.8:53
    gulf.moneroocean.stream
    dns
    xmrig.exe
    69 B
     112 B
     1
    1

    DNS Request

    gulf.moneroocean.stream

    DNS Response

    149.102.143.109

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2980-0-0x0000000001C30000-0x0000000001C50000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-2-0x00000000025A0000-0x00000000025C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-1-0x0000000002140000-0x0000000002160000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-3-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-4-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-5-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-6-0x0000000002140000-0x0000000002160000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-7-0x00000000025A0000-0x00000000025C0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2980-8-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-9-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-10-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-11-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-12-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-13-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-14-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-15-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-16-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-17-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-18-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-19-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-20-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-21-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-22-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-23-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-24-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-25-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-26-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-27-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-28-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-29-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-30-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-31-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-32-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-33-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-34-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-35-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-36-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-37-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-38-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-39-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-40-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-41-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-42-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-43-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-44-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-45-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-46-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-47-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-48-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-49-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-50-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-51-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-52-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-53-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-54-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-55-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-56-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-57-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-58-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-59-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-60-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-61-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-62-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-63-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-64-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-65-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-66-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/2980-67-0x000000013FC30000-0x0000000140734000-memory.dmp

    Filesize

    11.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.