xmrig | 47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

47988be282...cs.exe

windows7-x64

47988be282...cs.exe

windows10-2004-x64

Sharing

General

Target

47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe
Size

2.9MB
Sample

240627-ec4zws1ckg
MD5

bebae592220aa231f6cdff30d1a6a460
SHA1

3f632a61e74f9ea293b19206fe31087718c4fc0e
SHA256

47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971
SHA512

8ce45e753d333eca3d6f91cf6dfc6e6ac5a4c3f243bbe74386a0257f8b936d83de82e029b58f3e7f9051f6d6d8eb76c503f0043c38ebd4895aae227307e3a67f
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsIiGuJ:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RF

Score

10^/10

xmrig execution miner upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe

Resource

win7-20240508-en

xmrig execution miner upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

xmrig execution miner upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe
- Size
  
  2.9MB
- MD5
  
  bebae592220aa231f6cdff30d1a6a460
- SHA1
  
  3f632a61e74f9ea293b19206fe31087718c4fc0e
- SHA256
  
  47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971
- SHA512
  
  8ce45e753d333eca3d6f91cf6dfc6e6ac5a4c3f243bbe74386a0257f8b936d83de82e029b58f3e7f9051f6d6d8eb76c503f0043c38ebd4895aae227307e3a67f
- SSDEEP
  
  49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsIiGuJ:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RF
Score

10^/10

xmrig execution miner upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy