Analysis

  • max time kernel
    120s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 20:48

General

  • Target

    2024-05-29_4569f6d73b86c39437a773072b832149_cobalt-strike_cobaltstrike_xmrig.exe

  • Size

    11.1MB

  • MD5

    4569f6d73b86c39437a773072b832149

  • SHA1

    bf753c1418c9afecda74af7b28f04daf42a5a411

  • SHA256

    38f5f3610b1d2096cb763a074f9ce7fc9326846a8f06cb6d75f6b90a516ddd8c

  • SHA512

    d5827b33cad6086b5f725d789b2260c1763b5dd0f947c8d4425ee5658bbf450a7eb18df9641bed05460fe1724bfa282898ee4924c3de3fef1725f97a8455cd03

  • SSDEEP

    196608:hAfrMK0z50OJEzEuDTvnO5tQ3ovumrGXp66Xo:hYYKXS1uDaOZmry6B

Score
10/10

Malware Config

Signatures

  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • Detects executables containing URLs to raw contents of a GitHub gist (5 IoCs)
  • XMRig Miner payload (5 IoCs)
  • Drops autorun.inf file (1 TTP, 3 IoCs)

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory (1 IoC)
  • Modifies Internet Explorer start page (1 TTP, 4 IoCs)
  • Modifies system certificate store (2 TTPs, 12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
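Two of the signatures above are simple enough to reproduce by hand: the "URLs to raw contents of a GitHub gist" hit is a string search over the binary, and the "Drops autorun.inf" hit is interesting mainly when the dropped file actually launches something. The following is an added example, not tria.ge's signature code and not anything extracted from this sample. The gist URL pattern, the choice of autorun.inf keys treated as launch directives, and the sample blobs are all constructed assumptions.

```python
"""Re-implementations of two sandbox signatures from the report (added example).

Assumptions: raw gist content lives under
gist.githubusercontent.com/<user>/<gist-id>/raw[/<rev>/<file>], and the
autorun.inf keys that cause execution are open=, shellexecute= and
shell\\<verb>\\command=.  The sandbox's own rules may differ.
"""
from __future__ import annotations

import re

# Assumed pattern for raw gist URLs, matched as ASCII bytes.
GIST_RAW_RE = re.compile(
    rb"https?://gist\.githubusercontent\.com/[A-Za-z0-9_-]+/[0-9a-fA-F]+/raw"
    rb"(?:/[^\s\"'<>\x00]*)?"
)


def find_gist_raw_urls(data: bytes) -> list:
    """Return gist raw URLs found as ASCII or UTF-16LE strings in a binary blob."""
    hits = [m.group(0).decode("ascii", "replace") for m in GIST_RAW_RE.finditer(data)]
    # Wide (UTF-16LE) strings: drop the interleaved NUL bytes and scan again.
    # Scanning both byte parities catches wide strings at odd and even offsets.
    for narrow in (data[0::2], data[1::2]):
        hits += [m.group(0).decode("ascii", "replace") for m in GIST_RAW_RE.finditer(narrow)]
    return sorted(set(hits))


LAUNCH_KEYS = ("open", "shellexecute")  # assumed set of auto-launch directives
EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".pif")


def autorun_launch_targets(inf_text: str) -> list:
    """Parse an autorun.inf and return every command string it would launch.

    Only the [autorun] section is honoured; section and key names are matched
    case-insensitively; lines starting with ';' are comments.
    """
    targets = []
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets


def _first_token(command: str) -> str:
    """Program part of a command line, honouring a leading double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def looks_like_autorun_spreader(inf_text: str) -> bool:
    """True if any launch target in the autorun.inf names an executable file."""
    return any(
        _first_token(t).lower().endswith(EXEC_EXTS) for t in autorun_launch_targets(inf_text)
    )


# Constructed sample data (not bytes from the analysed file).
SAMPLE_BLOB = (
    b"\x00" * 16
    + b"MZ\x90\x00" + b"A" * 32
    + b"https://gist.githubusercontent.com/someuser/0123456789abcdef0123456789abcdef/raw/config.json\x00"
    + b"B" * 7
    + "https://gist.githubusercontent.com/other/deadbeefcafef00d/raw\x00".encode("utf-16le")
    + b"https://example.com/not-a-gist\x00"
)

SAMPLE_AUTORUN = """\
; constructed sample, not the autorun.inf dropped in this run
[AutoRun]
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Backup
open=RECYCLER\\svchost.exe /run
shell\\Open\\command=RECYCLER\\svchost.exe /run
shell=Open
"""

BENIGN_AUTORUN = "[autorun]\nicon=setup.exe,0\nlabel=Drivers\n"

if __name__ == "__main__":
    print("gist URLs:", find_gist_raw_urls(SAMPLE_BLOB))
    print("autorun targets:", autorun_launch_targets(SAMPLE_AUTORUN))
    print("spreader:", looks_like_autorun_spreader(SAMPLE_AUTORUN))
```

The wide-string pass matters for Windows binaries, where hard-coded URLs are often stored as UTF-16LE and would be missed by a plain ASCII grep. For the autorun case, the presence of an autorun.inf alone is not evidence of spreading; an `icon=` or `label=` entry is benign, so the check only fires when a launch directive points at an executable.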

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_4569f6d73b86c39437a773072b832149_cobalt-strike_cobaltstrike_xmrig.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_4569f6d73b86c39437a773072b832149_cobalt-strike_cobaltstrike_xmrig.exe"
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:1540

Network

MITRE ATT&CK Enterprise v15

Downloads (artifacts captured during the run: files written to disk and memory dumps)

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    a3660d8797a4c69744e2bb120aef4969

    SHA1

    d28579b6d354cdbe3d29e570ea1ee3d820c654c7

    SHA256

    3ad710e1bbcb1974da2acfaeb25ff8b00d8333767cb70f9379828c8db150f7b1

    SHA512

    c6e1818ec01a5742bf29368c26b763da07b6af9a8335c14f53dd801d8ae4c47a538e9cf46808d663680ccaaffe2d89bb6e09dc7236faf8430f64fbbd7bfe798a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2d096b6c4302cede601845cf6c2a444a

    SHA1

    6f5b0a0fb463e1566e610778625f762e141d0c27

    SHA256

    90a5a62272f1e15887ebac56d82c8d6cf38e08fb39781a20c4450fcbba22ddb4

    SHA512

    e09942e3f82537bef4677ecd1844e2a3601af188fb49ab71c9376fa05ea5605e76e01eae567e29b8d97a9481a45af47b2f2dc7c0c0f627646dd1a2c31bb53a71

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    879f5440e56169c7ed29e13406309155

    SHA1

    d46ca221e6070980519305c7a0ccf995a71bf922

    SHA256

    c28b471df9524bb8532a909cac2333f02bfdf3f42450761f90c07fa86a576782

    SHA512

    9e92d90b590d0a3236282a0b9bb384195c11e3a9bad209e8d8bab20647094a849b599bced84f10aecf6ea166a2ea49eba966d0aa38f14d27a1ea38da3c8243ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2865da869996afe519c4d77bd4c28432

    SHA1

    aa96fe7d22fa8c4d284f01d973f10f4fb1c334e4

    SHA256

    a84e877ca27f6d2cb41f4abad4ac53d9c03bd18d486ff22fb5ab076748b96d83

    SHA512

    0e3a37b36a3c4613c8ab2fe7ec9266722f01fcf6607a898a3ddff7c1bfdb5052175597d239c7d01bf887e857ac2085d9b1dd25a467db9f4c1c69771bb9fb2475

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    614288fd03775a2cf62bcfc85532a26e

    SHA1

    0f70dedb8548f246adac4d7df7c719fe2e3f1de1

    SHA256

    cb7a9e558920d1cdfda813d8c5b6179d6df43395e8c3390823c8d458ff3af001

    SHA512

    e82660495990b7f92f6f6e5a9c11f28d3953d261c1c14d4bbda2c986c7c212ae783315ff7328d4506eeb0154269b2400796445533119ea31c64a89e0bc7916be

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    05bf933ac4ce97a2cf325fd48988282b

    SHA1

    c5f5313396965cf14b62470c6b966afaa949361c

    SHA256

    4d034ecbf6717a77b31458a209e27d03785463a5590f9f31f84aac3c22806d23

    SHA512

    ca788050016fe06ae4907ecfc7e036899d78a606dc375bce10dbc71335461e15d25254b86ad092be3a927aaad8e0dd5578eeb142789e392c4427fe10d5787064

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5e9097b5079279a8dc86a6c0217d121c

    SHA1

    5bd029accb7fc505b0e3354d37faab937692799f

    SHA256

    25d2dcb1aa3bc0d3293bc5a55fa7ad46f12e9da7990761e027fe92159b4411e0

    SHA512

    b77d57ca6401d365bbfad0f22e6573ed0a7f6e6f6d94b93240204c7d1e59eeaca9b2d97bd716e9f4d226d013418aaf0d95357a46a449d84bacca865fed3294fc

  • C:\Users\Admin\AppData\Local\Temp\Cab205E.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2061.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar2171.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1540-637-0x0000000000400000-0x00000000010B2000-memory.dmp

    Filesize

    12.7MB

  • memory/1540-348-0x0000000000400000-0x00000000010B2000-memory.dmp

    Filesize

    12.7MB

  • memory/1540-471-0x0000000000400000-0x00000000010B2000-memory.dmp

    Filesize

    12.7MB

  • memory/1540-594-0x0000000000400000-0x00000000010B2000-memory.dmp

    Filesize

    12.7MB

  • memory/1540-0-0x00000000003E0000-0x00000000003F0000-memory.dmp

    Filesize

    64KB

  • memory/1540-760-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/1540-762-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

  • memory/1540-761-0x00000000002C0000-0x00000000003C0000-memory.dmp

    Filesize

    1024KB

  • memory/1540-763-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

  • memory/1540-764-0x00000000003F0000-0x0000000000400000-memory.dmp

    Filesize

    64KB

  • memory/1540-765-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

    Filesize

    4KB

  • memory/1540-766-0x0000000000401000-0x0000000000A18000-memory.dmp

    Filesize

    6.1MB

  • memory/1540-767-0x0000000000400000-0x00000000010B2000-memory.dmp

    Filesize

    12.7MB