xmrig | 0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0b70b19d12...cs.exe

windows7-x64

0b70b19d12...cs.exe

windows10-2004-x64

Sharing

General

Target

0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4_NeikiAnalytics.exe
Size

1.5MB
Sample

240629-28mf2ssdnn
MD5

01650525020dd5639d05adbbc11d4900
SHA1

e39c4fff351e37c59089c509aa949f3570ffb1e3
SHA256

0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4
SHA512

6b15cade2fb15109248c427c5038d7ddafcb1e880fceabdaf8c1e0362dce820363f89880a10b2104b6576830874fb1edb07e9a07e03264fcb40eb8326c4f2c36
SSDEEP

49152:Lz071uv4BPMkyW10/w16BWgac2xGvhHWW:NABg

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4_NeikiAnalytics.exe

Resource

win7-20240419-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4_NeikiAnalytics.exe
- Size
  
  1.5MB
- MD5
  
  01650525020dd5639d05adbbc11d4900
- SHA1
  
  e39c4fff351e37c59089c509aa949f3570ffb1e3
- SHA256
  
  0b70b19d125383ec58b51674d1ba89310a473428e80d0deb2621dfaec14399e4
- SHA512
  
  6b15cade2fb15109248c427c5038d7ddafcb1e880fceabdaf8c1e0362dce820363f89880a10b2104b6576830874fb1edb07e9a07e03264fcb40eb8326c4f2c36
- SSDEEP
  
  49152:Lz071uv4BPMkyW10/w16BWgac2xGvhHWW:NABg
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy