xmrig | a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Launcher.exe

windows10-1703-x64

Sharing

General

Target

Launcher.exe
Size

5.1MB
Sample

240712-sc86ha1blb
MD5

4fe98ba44e242b415dd4a8b8ce3f8e27
SHA1

26b410ddefb59a478c7f61d6177ac7e917a98087
SHA256

a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa
SHA512

175b4635f26d3d7427a4c49dc14b10dd050cb11998a069b731f182b4acc0778f0bbee797f1d5763eb2f88c17a012bbfae5fe3b5995367b3a7bbd10b774cdb497
SSDEEP

98304:UQ1N+4GEmF1sYAbLC+MZHTL3wufv6wrreMUj1iy4x74/bAV6Io:BHAsYAb2+KL3aWrv6Qy4F4cV69

Score

10^/10

xmrig evasion execution miner persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Launcher.exe

Resource

win10-20240611-en

xmrig evasion execution miner persistence upx

windows10-1703-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  Launcher.exe
- Size
  
  5.1MB
- MD5
  
  4fe98ba44e242b415dd4a8b8ce3f8e27
- SHA1
  
  26b410ddefb59a478c7f61d6177ac7e917a98087
- SHA256
  
  a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa
- SHA512
  
  175b4635f26d3d7427a4c49dc14b10dd050cb11998a069b731f182b4acc0778f0bbee797f1d5763eb2f88c17a012bbfae5fe3b5995367b3a7bbd10b774cdb497
- SSDEEP
  
  98304:UQ1N+4GEmF1sYAbLC+MZHTL3wufv6wrreMUj1iy4x74/bAV6Io:BHAsYAb2+KL3aWrv6Qy4F4cV69
Score

10^/10

xmrig evasion execution miner persistence upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xmrigevasionexecutionminerpersistenceupx

© 2018-2025

Terms | Privacy