xmrig | ea453bded22f1a2e5f7f218881641ea622880c79e32e6d182e14fb80139e6223 | Triage

Submit
Reports

Overview

overview

Static

static

5

2d87174761...18.exe

windows7-x64

2d87174761...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2d871747617c5a94cb914b9b2f8fc06e_JaffaCakes118
Size

3.5MB
Sample

240708-x2y42svckl
MD5

2d871747617c5a94cb914b9b2f8fc06e
SHA1

c031460d111b99fe71245f138ea7d7fe1ecfe325
SHA256

ea453bded22f1a2e5f7f218881641ea622880c79e32e6d182e14fb80139e6223
SHA512

2dfe0192afb95d6104ffb9268ca1b4e4b44b2f1ab04e56f682665844465e567b389b7efc21b26a51f8a5e42fb1aed5ff5a38bff2c5efcccea3fcb63dfd2efade
SSDEEP

49152:bw80cTsjkWaCM7tljPT5/S3MHdbF5BXGTH+bowcxSdAyAKjaWhIC/mcKqzKd9j1k:U8sjkpB3BUyFcM6ylThIC/5Kqz1Kkj

Score

10^/10

xmrig miner persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2d871747617c5a94cb914b9b2f8fc06e_JaffaCakes118.exe

Resource

win7-20240704-en

xmrig miner persistence upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d871747617c5a94cb914b9b2f8fc06e_JaffaCakes118.exe

Resource

win10v2004-20240704-en

xmrig miner persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d871747617c5a94cb914b9b2f8fc06e_JaffaCakes118
- Size
  
  3.5MB
- MD5
  
  2d871747617c5a94cb914b9b2f8fc06e
- SHA1
  
  c031460d111b99fe71245f138ea7d7fe1ecfe325
- SHA256
  
  ea453bded22f1a2e5f7f218881641ea622880c79e32e6d182e14fb80139e6223
- SHA512
  
  2dfe0192afb95d6104ffb9268ca1b4e4b44b2f1ab04e56f682665844465e567b389b7efc21b26a51f8a5e42fb1aed5ff5a38bff2c5efcccea3fcb63dfd2efade
- SSDEEP
  
  49152:bw80cTsjkWaCM7tljPT5/S3MHdbF5BXGTH+bowcxSdAyAKjaWhIC/mcKqzKd9j1k:U8sjkpB3BUyFcM6ylThIC/5Kqz1Kkj
Score

10^/10

xmrig miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops startup file
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigminerpersistenceupx

behavioral2

xmrigminerpersistenceupx

© 2018-2025

Terms | Privacy