xmrig | 48a5dd4f19318e47e5316e29629a6bb3f4d0613fb0f54ce58a409f8a46d0d548 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

0a4f561363...18.exe

windows7-x64

0a4f561363...18.exe

windows10-2004-x64

Sharing

General

Target

0a4f561363f0bae19ade6bf4c2703eb0_JaffaCakes118
Size

7.3MB
Sample

240430-wyjdraef62
MD5

0a4f561363f0bae19ade6bf4c2703eb0
SHA1

01b3c08dbde0e7812eec213a4a3516c5e488808c
SHA256

48a5dd4f19318e47e5316e29629a6bb3f4d0613fb0f54ce58a409f8a46d0d548
SHA512

15c768c0cb2190c62cba93a32104e30e690189adafc88b69a7f6e264e66693d7939499af5f29314811ba80c5dde93a27ba495a2187ffbef2b2f6e676b7d46526
SSDEEP

98304:JGxVzrQ6viczbMAIgXSYn0UL2AzZfzpvLhpLB1uV9+S99U:JMVzs6qczbJXSYnZFZbpvbLB10n99U

Score

10^/10

xmrig miner upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0a4f561363f0bae19ade6bf4c2703eb0_JaffaCakes118.exe

Resource

win7-20240221-en

xmrig miner upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0a4f561363f0bae19ade6bf4c2703eb0_JaffaCakes118.exe

Resource

win10v2004-20240419-en

xmrig miner upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  0a4f561363f0bae19ade6bf4c2703eb0_JaffaCakes118
- Size
  
  7.3MB
- MD5
  
  0a4f561363f0bae19ade6bf4c2703eb0
- SHA1
  
  01b3c08dbde0e7812eec213a4a3516c5e488808c
- SHA256
  
  48a5dd4f19318e47e5316e29629a6bb3f4d0613fb0f54ce58a409f8a46d0d548
- SHA512
  
  15c768c0cb2190c62cba93a32104e30e690189adafc88b69a7f6e264e66693d7939499af5f29314811ba80c5dde93a27ba495a2187ffbef2b2f6e676b7d46526
- SSDEEP
  
  98304:JGxVzrQ6viczbMAIgXSYn0UL2AzZfzpvLhpLB1uV9+S99U:JMVzs6qczbJXSYnZFZbpvbLB10n99U
Score

10^/10

xmrig miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy