xmrig | d04e097d59023a1ba74884547009c42fc24bba869a70bf5f409094cbedcacb06 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

10bd318d69...cs.exe

windows7-x64

10bd318d69...cs.exe

windows10-2004-x64

Sharing

General

Target

10bd318d69bbaec0c81cf390cafa3240_NeikiAnalytics
Size

2.7MB
Sample

240510-1qwfkaef55
MD5

10bd318d69bbaec0c81cf390cafa3240
SHA1

36f2936a8709b532c7636b471e6836b5d6f050a3
SHA256

d04e097d59023a1ba74884547009c42fc24bba869a70bf5f409094cbedcacb06
SHA512

fdac870fc7686f608d515b7bebc23a7ff0a460827fe4902ac2d7ce16745546b4be3afb578fe4b1619259dc553114ec9178f5af59b66f70ccdbb3ae2d21bb17ce
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkivwSbakf:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RX

Score

10^/10

xmrig execution miner upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

10bd318d69bbaec0c81cf390cafa3240_NeikiAnalytics.exe

Resource

win7-20240220-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

10bd318d69bbaec0c81cf390cafa3240_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

xmrig execution miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  10bd318d69bbaec0c81cf390cafa3240_NeikiAnalytics
- Size
  
  2.7MB
- MD5
  
  10bd318d69bbaec0c81cf390cafa3240
- SHA1
  
  36f2936a8709b532c7636b471e6836b5d6f050a3
- SHA256
  
  d04e097d59023a1ba74884547009c42fc24bba869a70bf5f409094cbedcacb06
- SHA512
  
  fdac870fc7686f608d515b7bebc23a7ff0a460827fe4902ac2d7ce16745546b4be3afb578fe4b1619259dc553114ec9178f5af59b66f70ccdbb3ae2d21bb17ce
- SSDEEP
  
  49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkivwSbakf:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RX
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy