xmrig | 915a924d52d6c2bb1cb66a6a1edab8e008957cd4a2addd2cf6717fe1dcc23e3b | Triage

Submit
Reports

Overview

overview

Static

static

34a5ac3994...cs.exe

windows7-x64

34a5ac3994...cs.exe

windows10-2004-x64

Sharing

General

Target

34a5ac3994eb4f7b6d7ff50716dc2ac0_NeikiAnalytics.exe
Size

2.7MB
Sample

240522-zbbxyaff58
MD5

34a5ac3994eb4f7b6d7ff50716dc2ac0
SHA1

f41a857daaaae7af95959162e05720ae2f4a07b6
SHA256

915a924d52d6c2bb1cb66a6a1edab8e008957cd4a2addd2cf6717fe1dcc23e3b
SHA512

022456f22d7c8b6a228975583a77168ae9f2c3e5d142f305dd1a162b04441abb287054d8a1b09f9da9c0a732652adfa31956380e2fd7b1a5d761b2551cb80158
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/Riq:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RQ

Score

10^/10

xmrig execution miner upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

34a5ac3994eb4f7b6d7ff50716dc2ac0_NeikiAnalytics.exe

Resource

win7-20240221-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

34a5ac3994eb4f7b6d7ff50716dc2ac0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

xmrig execution miner upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  34a5ac3994eb4f7b6d7ff50716dc2ac0_NeikiAnalytics.exe
- Size
  
  2.7MB
- MD5
  
  34a5ac3994eb4f7b6d7ff50716dc2ac0
- SHA1
  
  f41a857daaaae7af95959162e05720ae2f4a07b6
- SHA256
  
  915a924d52d6c2bb1cb66a6a1edab8e008957cd4a2addd2cf6717fe1dcc23e3b
- SHA512
  
  022456f22d7c8b6a228975583a77168ae9f2c3e5d142f305dd1a162b04441abb287054d8a1b09f9da9c0a732652adfa31956380e2fd7b1a5d761b2551cb80158
- SSDEEP
  
  49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/Riq:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RQ
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy