xmrig | a6f48f8f554b67aa4e0112b00c48936b33a60a9b63c29a6b47f1c36f0268de76 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8299291116...cs.exe

windows7-x64

8299291116...cs.exe

windows10-2004-x64

Sharing

General

Target

8299291116572e81c4a532247dfb92d0_NeikiAnalytics.exe
Size

1.7MB
Sample

240602-3jalmacc67
MD5

8299291116572e81c4a532247dfb92d0
SHA1

336e759cbf2e33c932cb8e6cc293a8f958d1d319
SHA256

a6f48f8f554b67aa4e0112b00c48936b33a60a9b63c29a6b47f1c36f0268de76
SHA512

12a948cae01b0de019f5a280ec543107fda8a0c1968ef54e1efdd5ab1757cf113fbeb19a3e1459edd3e0558af3a34f5352f34e8260acaa7356492b06e99afc8c
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwVUuBk5ck:Lz071uv4BPMkFfdg6NsIRSwV7C

Score

10^/10

xmrig execution miner persistence upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

8299291116572e81c4a532247dfb92d0_NeikiAnalytics.exe

Resource

win7-20240419-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8299291116572e81c4a532247dfb92d0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

xmrig execution miner persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8299291116572e81c4a532247dfb92d0_NeikiAnalytics.exe
- Size
  
  1.7MB
- MD5
  
  8299291116572e81c4a532247dfb92d0
- SHA1
  
  336e759cbf2e33c932cb8e6cc293a8f958d1d319
- SHA256
  
  a6f48f8f554b67aa4e0112b00c48936b33a60a9b63c29a6b47f1c36f0268de76
- SHA512
  
  12a948cae01b0de019f5a280ec543107fda8a0c1968ef54e1efdd5ab1757cf113fbeb19a3e1459edd3e0558af3a34f5352f34e8260acaa7356492b06e99afc8c
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwVUuBk5ck:Lz071uv4BPMkFfdg6NsIRSwV7C
Score

10^/10

xmrig execution miner upx persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy