Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ro.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...um.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

Resubmissions

01/10/2024, 19:23 UTC

241001-x3szeszekf 10

23/09/2024, 10:45 UTC

240923-mteqbsvdkj 10

22/09/2024, 13:14 UTC

240922-qgq5da1flh 10

22/09/2024, 13:13 UTC

240922-qgf96s1eml 10

22/09/2024, 13:12 UTC

240922-qfysts1fjb 10

22/09/2024, 13:12 UTC

240922-qfsa2s1erd 10

22/09/2024, 11:50 UTC

240922-nzne4aybjf 10

22/09/2024, 11:50 UTC

240922-nzmtkaxhrr 10

22/09/2024, 11:50 UTC

240922-nzlw9sxhrp 10

22/09/2024, 11:49 UTC

240922-nzfegsxhqr 10

Analysis

  • max time kernel
    290s
  • max time network
    306s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/09/2024, 11:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEST POP/Start-Monero - Copie (2) - Copie.bat

  • Size

    105B

  • MD5

    94f509728ba74ed638dc087d0e9130cd

  • SHA1

    e8ae09cdc5ae390b0b8e9f071bce1c0bf888ab01

  • SHA256

    ca6f6d968bb34080f34c84a81bc7c1dd0b3976577752e2a50cf2f4ee48cf1cf2

  • SHA512

    94a466db3b011c0bf0c844fc27cfdb914f2d29b930c75a80b73681661c00ae3a7183ec2be82f1c7f7f70239f35406289a00df4f3b756d99c905baff629214e37

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 29 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Monero - Copie (2) - Copie.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
      xmrig.exe --coin XMR --url "xmr.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3004

Network

  • flag-us
    DNS
    xmr.kryptex.network
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    xmr.kryptex.network
    IN A
    Response
    xmr.kryptex.network
    IN A
    157.90.32.66
  • flag-us
    DNS
    66.32.90.157.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    66.32.90.157.in-addr.arpa
    IN PTR
    Response
    66.32.90.157.in-addr.arpa
    IN PTR
    static663290157clients your-serverde
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
    Response
    nexusrules.officeapps.live.com
    IN CNAME
    prod.nexusrules.live.com.akadns.net
    prod.nexusrules.live.com.akadns.net
    IN A
    52.111.229.19
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    self.events.data.microsoft.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    self.events.data.microsoft.com
    IN A
    Response
    self.events.data.microsoft.com
    IN CNAME
    self-events-data.trafficmanager.net
    self-events-data.trafficmanager.net
    IN CNAME
    onedscolprdeus07.eastus.cloudapp.azure.com
    onedscolprdeus07.eastus.cloudapp.azure.com
    IN A
    52.168.117.168
  • flag-us
    DNS
    168.117.168.52.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    168.117.168.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ctldl.windowsupdate.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    ctldl.windowsupdate.com.delivery.microsoft.com
    ctldl.windowsupdate.com.delivery.microsoft.com
    IN CNAME
    wu-b-net.trafficmanager.net
    wu-b-net.trafficmanager.net
    IN CNAME
    wu.azureedge.net
    wu.azureedge.net
    IN CNAME
    wu.ec.azureedge.net
    wu.ec.azureedge.net
    IN CNAME
    bg.apr-52dd2-0503.edgecastdns.net
    bg.apr-52dd2-0503.edgecastdns.net
    IN CNAME
    hlb.apr-52dd2-0.edgecastdns.net
    hlb.apr-52dd2-0.edgecastdns.net
    IN CNAME
    cs11.wpc.v0cdn.net
    cs11.wpc.v0cdn.net
    IN A
    93.184.221.240
  • flag-us
    DNS
    ocsp.digicert.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • 157.90.32.66:7777
    xmr.kryptex.network
    xmrig.exe
    1.9kB
     1.8kB
     18
    17
  • 52.111.227.14:443
    322 B
     7
  • 8.8.8.8:53
    xmr.kryptex.network
    dns
    xmrig.exe
    638 B
     1.5kB
     9
    9

    DNS Request

    xmr.kryptex.network

    DNS Response

    157.90.32.66

    DNS Request

    66.32.90.157.in-addr.arpa

    DNS Request

    nexusrules.officeapps.live.com

    DNS Response

    52.111.229.19

    DNS Request

    19.229.111.52.in-addr.arpa

    DNS Request

    self.events.data.microsoft.com

    DNS Response

    52.168.117.168

    DNS Request

    168.117.168.52.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    93.184.221.240

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

    DNS Request

    240.221.184.93.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-0-0x00000119AF490000-0x00000119AF4B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-1-0x00000119B0C90000-0x00000119B0CB0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-2-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-5-0x00000119B0CD0000-0x00000119B0CF0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-4-0x00000119B0CB0000-0x00000119B0CD0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-3-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-7-0x00000119B0CD0000-0x00000119B0CF0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-6-0x00000119B0CB0000-0x00000119B0CD0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3004-8-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-9-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-10-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-11-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-12-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-13-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-14-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-15-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-16-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-17-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-18-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-19-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-20-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-21-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-22-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-23-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-24-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-25-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-26-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-27-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-28-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-29-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-30-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-31-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-32-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-33-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/3004-34-0x00007FF6AC3E0000-0x00007FF6AD012000-memory.dmp

    Filesize

    12.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.