xmrig | 08b1fb7571cabe7fed53d86bb881223bb6b6905e0b22ab0bd0c1d8251bc5daaa | Triage

Submit
Reports

Overview

overview

Static

static

07a562b703...18.exe

windows7-x64

07a562b703...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

07a562b703be3290371261ffddb63500_JaffaCakes118
Size

2.2MB
Sample

240429-pgr61aaf8y
MD5

07a562b703be3290371261ffddb63500
SHA1

49e8e142c7a5a6e176dac7fe67a8b62399acea21
SHA256

08b1fb7571cabe7fed53d86bb881223bb6b6905e0b22ab0bd0c1d8251bc5daaa
SHA512

dcd9412fc3c6e01568528c7ea953f4986f935415b9a0578f71078e19eb2f809c4b6b60a20de9f78eadaa02981eff13fc318b017c0211f674c0b482104a3f4544
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrf6:NABb

Score

10^/10

xmrig miner persistence upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

07a562b703be3290371261ffddb63500_JaffaCakes118.exe

Resource

win7-20240419-en

xmrig miner upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

07a562b703be3290371261ffddb63500_JaffaCakes118.exe

Resource

win10v2004-20240426-en

xmrig miner persistence upx

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  07a562b703be3290371261ffddb63500_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  07a562b703be3290371261ffddb63500
- SHA1
  
  49e8e142c7a5a6e176dac7fe67a8b62399acea21
- SHA256
  
  08b1fb7571cabe7fed53d86bb881223bb6b6905e0b22ab0bd0c1d8251bc5daaa
- SHA512
  
  dcd9412fc3c6e01568528c7ea953f4986f935415b9a0578f71078e19eb2f809c4b6b60a20de9f78eadaa02981eff13fc318b017c0211f674c0b482104a3f4544
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrf6:NABb
Score

10^/10

xmrig miner upx persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigminerpersistenceupx

© 2018-2025

Terms | Privacy