xmrig | d41c69cc6102ef81c8bf0fabce2a8cbe521503414ab0a9fcf38ff36cda8301e9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

04c7d0edb3...cs.exe

windows7-x64

04c7d0edb3...cs.exe

windows10-2004-x64

Sharing

General

Target

04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics
Size

1.6MB
Sample

240514-wglsjshc87
MD5

04c7d0edb3a4c8ec404bb479dec4ee60
SHA1

17c079326af7b919fbb5b6f5157ba7a594ba147e
SHA256

d41c69cc6102ef81c8bf0fabce2a8cbe521503414ab0a9fcf38ff36cda8301e9
SHA512

436ea52ca146c86704b57643e4d7d99d3eb24dcd7dfc41dd65d78ea0de152ff0cd1ebb220aa8ccc9c8e4cffa1133b982cbbcded64b0c7bedf2d33f152e1bf304
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+yZdc/Tgl2:Lz071uv4BPMkHC0I6Gz3N1pHPg/T+x7U

Score

10^/10

xmrig execution miner upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics.exe

Resource

win7-20240508-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics
- Size
  
  1.6MB
- MD5
  
  04c7d0edb3a4c8ec404bb479dec4ee60
- SHA1
  
  17c079326af7b919fbb5b6f5157ba7a594ba147e
- SHA256
  
  d41c69cc6102ef81c8bf0fabce2a8cbe521503414ab0a9fcf38ff36cda8301e9
- SHA512
  
  436ea52ca146c86704b57643e4d7d99d3eb24dcd7dfc41dd65d78ea0de152ff0cd1ebb220aa8ccc9c8e4cffa1133b982cbbcded64b0c7bedf2d33f152e1bf304
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+yZdc/Tgl2:Lz071uv4BPMkHC0I6Gz3N1pHPg/T+x7U
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy