Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

trigger.ps1

windows10-1703-x64

10

trigger.ps1

windows10-2004-x64

10

trigger.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trigger.ps1

  • Size

    148B

  • Sample

    240705-m1ad7axarn

  • MD5

    24ad6c631c1a6215f9b8a06a9994088d

  • SHA1

    c4a1221c00552e5d72c550e2d83aa5675d562092

  • SHA256

    8b2327fa7051814f975435494a19b02ecd4ace11ea8b63d6cb9bc9d924e6b44b

  • SHA512

    6026a86805a526a1a84b31bcee01ab60fa7eba7d98e56dec1b6ff8b0bd2ffe74ac24a7c2a3e33263faa3a38867a9147fcaaa45db1d0d945fe94a2006e95461d6

Score
10/10
xmrigevasionexecutionminer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Targets

    • Target

      trigger.ps1

    • Size

      148B

    • MD5

      24ad6c631c1a6215f9b8a06a9994088d

    • SHA1

      c4a1221c00552e5d72c550e2d83aa5675d562092

    • SHA256

      8b2327fa7051814f975435494a19b02ecd4ace11ea8b63d6cb9bc9d924e6b44b

    • SHA512

      6026a86805a526a1a84b31bcee01ab60fa7eba7d98e56dec1b6ff8b0bd2ffe74ac24a7c2a3e33263faa3a38867a9147fcaaa45db1d0d945fe94a2006e95461d6

    Score
    10/10
    xmrigevasionexecutionminer

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Blocklisted process makes network request

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks