xmrig | bfee3c556a2ad412b539c0c319381561d644c1cf2c5058de123e28b44ed97ec7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

1b3d88ef5b...18.exe

windows7-x64

1b3d88ef5b...18.exe

windows10-2004-x64

Sharing

General

Target

1b3d88ef5b59e2b614c8be08fad7a452_JaffaCakes118
Size

17.2MB
Sample

240701-pad1sstgjp
MD5

1b3d88ef5b59e2b614c8be08fad7a452
SHA1

227991af3745dfcdc668c07abb06906eeb5f8b9b
SHA256

bfee3c556a2ad412b539c0c319381561d644c1cf2c5058de123e28b44ed97ec7
SHA512

d7c45dd7a425c9f2458b4bee569048d647f7c99d3889a699aadd5ae24317e07ad36b7817e6897598c39029a1353e0e73c7a266eae8741d3ce2dfeb9fd936b844
SSDEEP

393216:mtJ/dhoexN5iXH91xwyRJWx/Eu1rYoOV:s1VxNg+yjGx1MoM

Score

10^/10

xmrig miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b3d88ef5b59e2b614c8be08fad7a452_JaffaCakes118.exe

Resource

win7-20240221-en

xmrig miner persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b3d88ef5b59e2b614c8be08fad7a452_JaffaCakes118.exe

Resource

win10v2004-20240508-en

xmrig miner persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1b3d88ef5b59e2b614c8be08fad7a452_JaffaCakes118
- Size
  
  17.2MB
- MD5
  
  1b3d88ef5b59e2b614c8be08fad7a452
- SHA1
  
  227991af3745dfcdc668c07abb06906eeb5f8b9b
- SHA256
  
  bfee3c556a2ad412b539c0c319381561d644c1cf2c5058de123e28b44ed97ec7
- SHA512
  
  d7c45dd7a425c9f2458b4bee569048d647f7c99d3889a699aadd5ae24317e07ad36b7817e6897598c39029a1353e0e73c7a266eae8741d3ce2dfeb9fd936b844
- SSDEEP
  
  393216:mtJ/dhoexN5iXH91xwyRJWx/Eu1rYoOV:s1VxNg+yjGx1MoM
Score

10^/10

xmrig miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigminerpersistence

behavioral2

xmrigminerpersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.