Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

script.bat

windows10-1703-x64

10

script.bat

windows10-2004-x64

10

script.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    script.bat

  • Size

    519B

  • Sample

    240701-m3kyps1cjm

  • MD5

    2553c4078ee85c8e3ecaaa2fb8b4d1b6

  • SHA1

    8c29f9237ddeccfe094ec30f0988a8bd0579dc44

  • SHA256

    dd97696e02bf0b80efd4c2761fdfead5313adc7688b389e7312684043b98ba14

  • SHA512

    4a413f0bff169e7cd738d91d72f74e20c0e7a0e70ef6536d72d73b86459a1a375d2804339f0fb208437203f7acfe93da7d4bee53862704c8aaec9f96383cdf44

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://94.177.244.107:3000/miner

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      script.bat

    • Size

      519B

    • MD5

      2553c4078ee85c8e3ecaaa2fb8b4d1b6

    • SHA1

      8c29f9237ddeccfe094ec30f0988a8bd0579dc44

    • SHA256

      dd97696e02bf0b80efd4c2761fdfead5313adc7688b389e7312684043b98ba14

    • SHA512

      4a413f0bff169e7cd738d91d72f74e20c0e7a0e70ef6536d72d73b86459a1a375d2804339f0fb208437203f7acfe93da7d4bee53862704c8aaec9f96383cdf44

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks