Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ORIGIN BET...el.bat

windows10-1703-x64

10

ORIGIN BET...el.bat

windows10-2004-x64

10

ORIGIN BET...el.bat

windows11-21h2-x64

10

ORIGIN BET...el.bat

windows10-1703-x64

10

ORIGIN BET...el.bat

windows10-2004-x64

10

ORIGIN BET...el.bat

windows11-21h2-x64

10

ORIGIN BET...el.bat

windows10-1703-x64

10

ORIGIN BET...el.bat

windows10-2004-x64

10

ORIGIN BET...el.bat

windows11-21h2-x64

10

Resubmissions

03/09/2024, 12:14 UTC

240903-pelw7sxeke 10

03/09/2024, 12:12 UTC

240903-pdb1lswdjq 10

03/09/2024, 12:11 UTC

240903-pck7wswcrm 10

03/09/2024, 08:42 UTC

240903-kl4clsscqq 10

03/09/2024, 08:41 UTC

240903-klrzkstckc 10

03/09/2024, 08:41 UTC

240903-klkv9sscnn 10

03/09/2024, 08:40 UTC

240903-klbycstcjd 10

03/09/2024, 08:40 UTC

240903-kk236atcja 10

03/09/2024, 08:40 UTC

240903-kktrsatbrg 10

Analysis

  • max time kernel
    1794s
  • max time network
    1799s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/09/2024, 08:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ORIGIN BETA/1Kryptex-ETC-Rigel.bat

  • Size

    92B

  • MD5

    634f74bb86bbee797fb3fd78bb981c69

  • SHA1

    dacc178885db2349ad47b9e8d2fb6140dbb7ca61

  • SHA256

    4c42750d70f4097dd4de26367a7ee25704bca438e82476c4e9481246d067b632

  • SHA512

    07d76ed885fefa28765cfe3b6c42213fb43c6ec709a82aa7245c8896fe4e79b7d672fcf3043a658ed034e27449e9921f5120a911cb0a0ce8667d819e6d2720ef

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 63 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ORIGIN BETA\1Kryptex-ETC-Rigel.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\ORIGIN BETA\xmrig.exe
      xmrig --coin XMR --url "xmr.kryptex.network:7777" --user "scallorphee@gmail.com/WORKER_NAME"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2864
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3804,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
    1⤵
      PID:840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4100,i,3387628439405076340,17957358341235678872,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
      1⤵
        PID:2152

      Network

      • flag-us
        DNS
        xmr.kryptex.network
        xmrig.exe
        Remote address:
        8.8.8.8:53
        Request
        xmr.kryptex.network
        IN A
        Response
        xmr.kryptex.network
        IN A
        157.90.32.66
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        settings-win.data.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        settings-win.data.microsoft.com
        IN A
        Response
        settings-win.data.microsoft.com
        IN CNAME
        atm-settingsfe-prod-geo2.trafficmanager.net
        atm-settingsfe-prod-geo2.trafficmanager.net
        IN CNAME
        settings-prod-wus2-2.westus2.cloudapp.azure.com
        settings-prod-wus2-2.westus2.cloudapp.azure.com
        IN A
        20.72.205.209
      • flag-us
        DNS
        104.219.191.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.219.191.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.144.22.2.in-addr.arpa
        IN PTR
        Response
        81.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-81deploystaticakamaitechnologiescom
      • flag-us
        DNS
        66.32.90.157.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        66.32.90.157.in-addr.arpa
        IN PTR
        Response
        66.32.90.157.in-addr.arpa
        IN PTR
        static663290157clients your-serverde
      • flag-us
        DNS
        23.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.59.114.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.59.114.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        107.12.20.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        107.12.20.2.in-addr.arpa
        IN PTR
        Response
        107.12.20.2.in-addr.arpa
        IN PTR
        a2-20-12-107deploystaticakamaitechnologiescom
      • flag-us
        DNS
        22.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        22.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        195.201.50.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.201.50.20.in-addr.arpa
        IN PTR
        Response
      • 157.90.32.66:7777
        xmr.kryptex.network
        xmrig.exe
        3.3kB
         9.9kB
         49
        48
      • 8.8.8.8:53
        xmr.kryptex.network
        dns
        xmrig.exe
        65 B
         81 B
         1
        1

        DNS Request

        xmr.kryptex.network

        DNS Response

        157.90.32.66

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        143 B
         298 B
         2
        2

        DNS Request

        8.8.8.8.in-addr.arpa

        DNS Request

        settings-win.data.microsoft.com

        DNS Response

        20.72.205.209

      • 8.8.8.8:53
        104.219.191.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        104.219.191.52.in-addr.arpa

      • 8.8.8.8:53
        81.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        81.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        66.32.90.157.in-addr.arpa
        dns
        71 B
         127 B
         1
        1

        DNS Request

        66.32.90.157.in-addr.arpa

      • 8.8.8.8:53
        23.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        23.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        183.59.114.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        183.59.114.20.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        107.12.20.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        107.12.20.2.in-addr.arpa

      • 8.8.8.8:53
        22.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        22.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        195.201.50.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        195.201.50.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2864-0-0x00000245A0D90000-0x00000245A0DB0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-1-0x00000245A2580000-0x00000245A25A0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-2-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-3-0x00000245A25A0000-0x00000245A25C0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-4-0x0000024634C20000-0x0000024634C40000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-5-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-6-0x00000245A25A0000-0x00000245A25C0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-7-0x0000024634C20000-0x0000024634C40000-memory.dmp

        Filesize

        128KB

        Download

      • memory/2864-8-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-9-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-10-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-11-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-12-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-13-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-14-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-15-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-16-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-17-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-18-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-19-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-20-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-21-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-22-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-23-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-24-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-25-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-26-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-27-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-28-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-29-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-30-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-31-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-32-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-33-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-34-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-35-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-36-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-37-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-38-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-39-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-40-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-41-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-42-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-43-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-44-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-45-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-46-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-47-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-48-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-49-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-50-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-51-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-52-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-53-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-54-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-55-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-56-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-57-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-58-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-59-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-60-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-61-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-62-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-63-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-64-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-65-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-66-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-67-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      • memory/2864-68-0x00007FF6607E0000-0x00007FF661412000-memory.dmp

        Filesize

        12.2MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.