xmrig | b3ba1e6d03d375afe290a9349d81aa49613187d4f02eba05ba5aafccb93931e7 | Triage

Submit
Reports

Overview

overview

Static

static

8dd2e47f39...cs.exe

windows7-x64

8dd2e47f39...cs.exe

windows10-2004-x64

Sharing

General

Target

8dd2e47f39bbb78c60916de85411d9d0_NeikiAnalytics.exe
Size

2.8MB
Sample

240613-2tvh4stflb
MD5

8dd2e47f39bbb78c60916de85411d9d0
SHA1

baf0e8a761052f82f92ca4a26f8f4faf211c6224
SHA256

b3ba1e6d03d375afe290a9349d81aa49613187d4f02eba05ba5aafccb93931e7
SHA512

45b7fb9fecabf1a7817892d5cc74e41bf3f6bf09d83849d58c407997ca3e5c93cc7e7d29c47cca665f57e772fa054dbce5423ad693c200a9610fc446a1c27e08
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/ml3:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RP

Score

10^/10

xmrig execution miner upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

8dd2e47f39bbb78c60916de85411d9d0_NeikiAnalytics.exe

Resource

win7-20240508-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8dd2e47f39bbb78c60916de85411d9d0_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

xmrig execution miner upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8dd2e47f39bbb78c60916de85411d9d0_NeikiAnalytics.exe
- Size
  
  2.8MB
- MD5
  
  8dd2e47f39bbb78c60916de85411d9d0
- SHA1
  
  baf0e8a761052f82f92ca4a26f8f4faf211c6224
- SHA256
  
  b3ba1e6d03d375afe290a9349d81aa49613187d4f02eba05ba5aafccb93931e7
- SHA512
  
  45b7fb9fecabf1a7817892d5cc74e41bf3f6bf09d83849d58c407997ca3e5c93cc7e7d29c47cca665f57e772fa054dbce5423ad693c200a9610fc446a1c27e08
- SSDEEP
  
  49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/ml3:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RP
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2024

Terms | Privacy