xmrig | d73704388efda7810fa75528ac23b8750386c1dc8fd6c10e2017fd27dc200a53 | Triage

Submit
Reports

Overview

overview

Static

static

dc0e149a1c...18.exe

windows7-x64

dc0e149a1c...18.exe

windows10-2004-x64

Sharing

General

Target

dc0e149a1c03c43b955a3416dbfb2042_JaffaCakes118
Size

2.1MB
Sample

240912-h4wz5sxerj
MD5

dc0e149a1c03c43b955a3416dbfb2042
SHA1

ca7c66e26a82532d1d1dab8f7311e0cc94d9c3b1
SHA256

d73704388efda7810fa75528ac23b8750386c1dc8fd6c10e2017fd27dc200a53
SHA512

6956a06b93550ba8ba8003fa5daf619b50d8b834386a2af371d4496b18caeafb6aa940d759ce285243927e38c636e345e940c357555664359295922620d44273
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMc:NABU

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Static task

static1

upx miner xmrig

4 signatures

Behavioral task

behavioral1

Sample

dc0e149a1c03c43b955a3416dbfb2042_JaffaCakes118.exe

Resource

win7-20240903-en

xmrig execution miner persistence privilege_escalation upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc0e149a1c03c43b955a3416dbfb2042_JaffaCakes118.exe

Resource

win10v2004-20240802-en

xmrig execution miner persistence privilege_escalation upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc0e149a1c03c43b955a3416dbfb2042_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  dc0e149a1c03c43b955a3416dbfb2042
- SHA1
  
  ca7c66e26a82532d1d1dab8f7311e0cc94d9c3b1
- SHA256
  
  d73704388efda7810fa75528ac23b8750386c1dc8fd6c10e2017fd27dc200a53
- SHA512
  
  6956a06b93550ba8ba8003fa5daf619b50d8b834386a2af371d4496b18caeafb6aa940d759ce285243927e38c636e345e940c357555664359295922620d44273
- SSDEEP
  
  49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXHafMc:NABU
Score

10^/10

xmrig execution miner persistence privilege_escalation upx
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerpersistenceprivilege_escalationupx

behavioral2

xmrigexecutionminerpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy