xmrig | 98ced6e951485c45ebdeda3bbc04bd2918867e0490900b39789d9b4637a7409c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

test.exe

windows10-1703-x64

test.exe

windows7-x64

test.exe

windows10-1703-x64

test.exe

windows10-2004-x64

test.exe

windows11-21h2-x64

Sharing

General

Target

test.exe
Size

29.7MB
Sample

240904-w1cc8awcje
MD5

531a4e282c420c64d7b545a9c4e0fb4d
SHA1

998d298e9ff967bec6f03bf8e8e8f03b4b3728db
SHA256

98ced6e951485c45ebdeda3bbc04bd2918867e0490900b39789d9b4637a7409c
SHA512

c1d8296e2ba1e1ca9e1860548b884414e2cde06c584c40a4306d248b9c9ccbbff7e55a717d742ea14cc849db41838cfa6feb7638d888c627ff95abcb13df6730
SSDEEP

786432:k99QkndbvqJ6+eH57FU4hxLq54xTxyCuYWQzJ2Mbvn:i1nM8hHxPhxO5iTECuYWQzJ7bv

Score

10^/10

xmrig execution miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

test.exe

Resource

win10-20240404-en

xmrig execution miner

windows10-1703-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

test.exe

Resource

win7-20240729-en

xmrig execution miner

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral3

Sample

test.exe

Resource

win10-20240404-en

xmrig execution miner

windows10-1703-x64

11 signatures

300 seconds

Behavioral task

behavioral4

Sample

test.exe

Resource

win10v2004-20240802-en

xmrig execution miner

windows10-2004-x64

11 signatures

300 seconds

Behavioral task

behavioral5

Sample

test.exe

Resource

win11-20240802-en

xmrig execution miner

windows11-21h2-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  test.exe
- Size
  
  29.7MB
- MD5
  
  531a4e282c420c64d7b545a9c4e0fb4d
- SHA1
  
  998d298e9ff967bec6f03bf8e8e8f03b4b3728db
- SHA256
  
  98ced6e951485c45ebdeda3bbc04bd2918867e0490900b39789d9b4637a7409c
- SHA512
  
  c1d8296e2ba1e1ca9e1860548b884414e2cde06c584c40a4306d248b9c9ccbbff7e55a717d742ea14cc849db41838cfa6feb7638d888c627ff95abcb13df6730
- SSDEEP
  
  786432:k99QkndbvqJ6+eH57FU4hxLq54xTxyCuYWQzJ2Mbvn:i1nM8hHxPhxO5iTECuYWQzJ7bv
Score

10^/10

xmrig execution miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminer

behavioral2

xmrigexecutionminer

behavioral3

xmrigexecutionminer

behavioral4

xmrigexecutionminer

behavioral5

xmrigexecutionminer

© 2018-2025

Terms | Privacy