xmrig | 78040d7157ca72b8c8c536e6b071324f27dccebc6b7ccfd07a41d2f184bbdd2a | Triage

Submit
Reports

Overview

overview

Static

static

ea8102700b...0N.exe

windows7-x64

ea8102700b...0N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ea8102700bbb5f791503b28787ec8e30N.exe
Size

1.8MB
Sample

240715-rf53ksxbjh
MD5

ea8102700bbb5f791503b28787ec8e30
SHA1

22e0b02dcf88be0a044b81895972c8b964ca47f6
SHA256

78040d7157ca72b8c8c536e6b071324f27dccebc6b7ccfd07a41d2f184bbdd2a
SHA512

9f7b0451d265443da6026d71e04ea2d7cbf6582460e2a3a22b3e37e390ce7a7dbb3ba8345e48da79f1b3e1db17c79ad691ebf690819844db4f57d7e9011f6a0c
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FNGzM2qAZsSWrHVzDg4E2:Lz071uv4BPMki8CnfZFZzM/vB

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

ea8102700bbb5f791503b28787ec8e30N.exe

Resource

win7-20240708-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

ea8102700bbb5f791503b28787ec8e30N.exe

Resource

win10v2004-20240709-en

xmrig execution miner upx

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Targets

- Target
  
  ea8102700bbb5f791503b28787ec8e30N.exe
- Size
  
  1.8MB
- MD5
  
  ea8102700bbb5f791503b28787ec8e30
- SHA1
  
  22e0b02dcf88be0a044b81895972c8b964ca47f6
- SHA256
  
  78040d7157ca72b8c8c536e6b071324f27dccebc6b7ccfd07a41d2f184bbdd2a
- SHA512
  
  9f7b0451d265443da6026d71e04ea2d7cbf6582460e2a3a22b3e37e390ce7a7dbb3ba8345e48da79f1b3e1db17c79ad691ebf690819844db4f57d7e9011f6a0c
- SSDEEP
  
  24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FNGzM2qAZsSWrHVzDg4E2:Lz071uv4BPMki8CnfZFZzM/vB
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy