xmrig | cdfb5eceef238cb0fc3e5941435bd89b333081f1b7a5bee85ce46621c12d2043 | Triage

Submit
Reports

Overview

overview

Static

static

0f6eae8a93...18.exe

windows7-x64

0f6eae8a93...18.exe

windows10-2004-x64

Sharing

General

Target

0f6eae8a93f85560ce2df141cc74ec62_JaffaCakes118
Size

2.2MB
Sample

240503-cly4wsce3v
MD5

0f6eae8a93f85560ce2df141cc74ec62
SHA1

811005a214c7299fec98d73d3a435b8c3db0a369
SHA256

cdfb5eceef238cb0fc3e5941435bd89b333081f1b7a5bee85ce46621c12d2043
SHA512

c9a7a88244e08a9ed9ce41374079fbadda51a8f2b1a7e2090e79bdf3eaaffdde31c0593b9e1ba1ef252d2bf0cbae0658f8e78d280a28129aa04c762277bb1413
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrfKb:NAB1

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

0f6eae8a93f85560ce2df141cc74ec62_JaffaCakes118.exe

Resource

win7-20240221-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f6eae8a93f85560ce2df141cc74ec62_JaffaCakes118.exe

Resource

win10v2004-20240419-en

xmrig execution miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f6eae8a93f85560ce2df141cc74ec62_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  0f6eae8a93f85560ce2df141cc74ec62
- SHA1
  
  811005a214c7299fec98d73d3a435b8c3db0a369
- SHA256
  
  cdfb5eceef238cb0fc3e5941435bd89b333081f1b7a5bee85ce46621c12d2043
- SHA512
  
  c9a7a88244e08a9ed9ce41374079fbadda51a8f2b1a7e2090e79bdf3eaaffdde31c0593b9e1ba1ef252d2bf0cbae0658f8e78d280a28129aa04c762277bb1413
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrfKb:NAB1
Score

10^/10

xmrig execution miner upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy