xmrig | 3ff44ce2fff47702c0f24c54d59762efc6cd1898df00a535291f155c72295d8e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

ad869f865c...0N.exe

windows7-x64

ad869f865c...0N.exe

windows10-2004-x64

Sharing

General

Target

ad869f865c93a6cc2927bcdd6e8f2fe0N.exe
Size

1.9MB
Sample

240806-qf2jqatgjc
MD5

ad869f865c93a6cc2927bcdd6e8f2fe0
SHA1

045cc343022f85ca518686108665cb4116cc245a
SHA256

3ff44ce2fff47702c0f24c54d59762efc6cd1898df00a535291f155c72295d8e
SHA512

b8da23af91eb8cb0691231b492c47c47a7a203876ea82e971907c6c06a0b37c1a7dfb5242c69275f58d52fb8cda2639b5d85f17d3b936ec62a262cff9170cb67
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VqaWVR:NABn

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

ad869f865c93a6cc2927bcdd6e8f2fe0N.exe

Resource

win7-20240704-en

xmrig execution miner upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

ad869f865c93a6cc2927bcdd6e8f2fe0N.exe

Resource

win10v2004-20240802-en

xmrig execution miner persistence privilege_escalation upx

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  ad869f865c93a6cc2927bcdd6e8f2fe0N.exe
- Size
  
  1.9MB
- MD5
  
  ad869f865c93a6cc2927bcdd6e8f2fe0
- SHA1
  
  045cc343022f85ca518686108665cb4116cc245a
- SHA256
  
  3ff44ce2fff47702c0f24c54d59762efc6cd1898df00a535291f155c72295d8e
- SHA512
  
  b8da23af91eb8cb0691231b492c47c47a7a203876ea82e971907c6c06a0b37c1a7dfb5242c69275f58d52fb8cda2639b5d85f17d3b936ec62a262cff9170cb67
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VqaWVR:NABn
Score

10^/10

xmrig execution miner upx persistence privilege_escalation
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy