Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Downloader.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Downloader.bat

  • Size

    1KB

  • Sample

    240617-nxhf3atbpr

  • MD5

    68c296ff7c1da026600f5a11359201ef

  • SHA1

    e592a339c4838b15eaa061a6a7a2e301d1c94bf3

  • SHA256

    706ae745b06209b2fe88151fc0f904bd0e72bef9c675f80d98b302e802495cc6

  • SHA512

    a111ac6f3583e2ce189209634d60484b1150736352f0cc0a4954ace90f3b060b223f4f6545d0ed297c1be2b0abb5c642fe6683ecc533501a22569c0fc332e0a1

Score
10/10
xmrigexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://allcoins.pw/dl/Miner.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://allcoins.pw/dl/7z.exe

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://allcoins.pw/dl/7z.dll

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://allcoins.pw/dl/dl.php?autoconfig=711648

Targets

    • Target

      Downloader.bat

    • Size

      1KB

    • MD5

      68c296ff7c1da026600f5a11359201ef

    • SHA1

      e592a339c4838b15eaa061a6a7a2e301d1c94bf3

    • SHA256

      706ae745b06209b2fe88151fc0f904bd0e72bef9c675f80d98b302e802495cc6

    • SHA512

      a111ac6f3583e2ce189209634d60484b1150736352f0cc0a4954ace90f3b060b223f4f6545d0ed297c1be2b0abb5c642fe6683ecc533501a22569c0fc332e0a1

    Score
    10/10
    xmrigexecutionminer

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks