xmrig | 8f928095149d31bf6951099b6bf6cd3ac31b21ff50dcbe6aeccdfa5b29c6ab58 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

8a1011b153...18.exe

windows7-x64

7

8a1011b153...18.exe

windows10-2004-x64

Sharing

General

Target

8a1011b1536554be844258abcfbf35c2_JaffaCakes118
Size

21.3MB
Sample

240811-mthf8azgnc
MD5

8a1011b1536554be844258abcfbf35c2
SHA1

8434a6be612dee55d189ac41c0218b3fa4c86099
SHA256

8f928095149d31bf6951099b6bf6cd3ac31b21ff50dcbe6aeccdfa5b29c6ab58
SHA512

7c6e688fc2a18e028f7a5c420a7e2525f37a53f9cc7b65272a6c50a79adf8cf65e774a32f0907cbb8e9f3596bd78e1d4bb9bf3a06a34775410412b75ff0df6b8
SSDEEP

393216:i+j2MW6g3UMSrLNDCy6lvjwTua86Cc5j4XC1ucZkjy8sfDo9Njit:6hvSfpCy6l76P4IlZT8s

Score

10^/10

xmrig discovery miner vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8a1011b1536554be844258abcfbf35c2_JaffaCakes118.exe

Resource

win7-20240705-en

discovery miner vmprotect

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a1011b1536554be844258abcfbf35c2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xmrig discovery miner vmprotect

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  8a1011b1536554be844258abcfbf35c2_JaffaCakes118
- Size
  
  21.3MB
- MD5
  
  8a1011b1536554be844258abcfbf35c2
- SHA1
  
  8434a6be612dee55d189ac41c0218b3fa4c86099
- SHA256
  
  8f928095149d31bf6951099b6bf6cd3ac31b21ff50dcbe6aeccdfa5b29c6ab58
- SHA512
  
  7c6e688fc2a18e028f7a5c420a7e2525f37a53f9cc7b65272a6c50a79adf8cf65e774a32f0907cbb8e9f3596bd78e1d4bb9bf3a06a34775410412b75ff0df6b8
- SSDEEP
  
  393216:i+j2MW6g3UMSrLNDCy6lvjwTua86Cc5j4XC1ucZkjy8sfDo9Njit:6hvSfpCy6l76P4IlZT8s
Score

10^/10

discovery miner vmprotect xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryminervmprotect

behavioral2

xmrigdiscoveryminervmprotect

© 2018-2025

Terms | Privacy