xmrig | 8345803c6780d770d0ea3df50d6c06d6b1113e7316b3d93dbea7e54a9fdcd58c | Triage

Submit
Reports

Overview

overview

Static

static

3

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

5.6MB
Sample

240711-ptf99swfnr
MD5

fe3aade85026dd848fdf2f63952ff734
SHA1

09d5fd71d993050b588cc79544a6bf243d6f8ab4
SHA256

8345803c6780d770d0ea3df50d6c06d6b1113e7316b3d93dbea7e54a9fdcd58c
SHA512

db089fde7d6806fa929e0ec2c48bfcb84c7e47d01ddf45380d3681d988947222d938e0d15a9cb3d69975262fcc1508582f58b4cf22dd891cfaf3f45e6afc0bb8
SSDEEP

98304:ld+0JWUJGRDGQ8kIsmAYrvllcL0QH3YRjdT3i14b60n70p7hr/Bazr3AT:lQRV2lkeBxV7E7hr/BUTA

Score

10^/10

xmrig evasion execution miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20240705-en

xmrig evasion execution miner persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20240709-en

xmrig evasion execution miner persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  5.6MB
- MD5
  
  fe3aade85026dd848fdf2f63952ff734
- SHA1
  
  09d5fd71d993050b588cc79544a6bf243d6f8ab4
- SHA256
  
  8345803c6780d770d0ea3df50d6c06d6b1113e7316b3d93dbea7e54a9fdcd58c
- SHA512
  
  db089fde7d6806fa929e0ec2c48bfcb84c7e47d01ddf45380d3681d988947222d938e0d15a9cb3d69975262fcc1508582f58b4cf22dd891cfaf3f45e6afc0bb8
- SSDEEP
  
  98304:ld+0JWUJGRDGQ8kIsmAYrvllcL0QH3YRjdT3i14b60n70p7hr/Bazr3AT:lQRV2lkeBxV7E7hr/BUTA
Score

10^/10

xmrig evasion execution miner persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistence

behavioral2

xmrigevasionexecutionminerpersistence

© 2018-2025

Terms | Privacy