Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ro.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...um.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

Resubmissions

01/10/2024, 19:23 UTC

241001-x3szeszekf 10

23/09/2024, 10:45 UTC

240923-mteqbsvdkj 10

22/09/2024, 13:14 UTC

240922-qgq5da1flh 10

22/09/2024, 13:13 UTC

240922-qgf96s1eml 10

22/09/2024, 13:12 UTC

240922-qfysts1fjb 10

22/09/2024, 13:12 UTC

240922-qfsa2s1erd 10

22/09/2024, 11:50 UTC

240922-nzne4aybjf 10

22/09/2024, 11:50 UTC

240922-nzmtkaxhrr 10

22/09/2024, 11:50 UTC

240922-nzlw9sxhrp 10

22/09/2024, 11:49 UTC

240922-nzfegsxhqr 10

Analysis

  • max time kernel
    299s
  • max time network
    285s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/09/2024, 11:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEST POP/Start-Zephyr - Copie (3) - Copie.bat

  • Size

    109B

  • MD5

    ac98ba1277cf60c6d1b4cf9891469b42

  • SHA1

    cefc8cd79edb7145fcfc5ded137887298147a5e2

  • SHA256

    d1010eddf74f535336792bc8b31d73a2df0f00a10f083d93c5856ef6c9ef6699

  • SHA512

    fbff0ee8ec53bd575a6adcabd3eb8167a7936293efdabe166e046f103a585f224dd2d43903571b1554f6d57b70c010a6220e2b8d0ad024b2bb68d4a7ea8fa826

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 10 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Zephyr - Copie (3) - Copie.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
      xmrig.exe --coin zephyr --url "zeph.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2132

Network

  • flag-us
    DNS
    zeph.kryptex.network
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    zeph.kryptex.network
    IN A
    Response
    zeph.kryptex.network
    IN A
    135.125.145.21
    zeph.kryptex.network
    IN A
    135.125.128.34
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    34.128.125.135.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    34.128.125.135.in-addr.arpa
    IN PTR
    Response
    34.128.125.135.in-addr.arpa
    IN PTR
    ip34ip-135-125-128eu
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
    Response
    nexusrules.officeapps.live.com
    IN CNAME
    prod.nexusrules.live.com.akadns.net
    prod.nexusrules.live.com.akadns.net
    IN A
    52.111.229.19
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 135.125.128.34:7777
    zeph.kryptex.network
    xmrig.exe
    1.6kB
     3.6kB
     19
    18
  • 8.8.8.8:53
    zeph.kryptex.network
    dns
    xmrig.exe
    353 B
     596 B
     5
    5

    DNS Request

    zeph.kryptex.network

    DNS Response

    135.125.145.21
    135.125.128.34

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    34.128.125.135.in-addr.arpa

    DNS Request

    nexusrules.officeapps.live.com

    DNS Response

    52.111.229.19

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2132-0-0x000002C4DBA30000-0x000002C4DBA50000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-1-0x000002C4DBA80000-0x000002C4DBAA0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-2-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-3-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-4-0x000002C4DBAA0000-0x000002C4DBAC0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-5-0x000002C4DBAC0000-0x000002C4DBAE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-6-0x000002C4DBAA0000-0x000002C4DBAC0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-8-0x000002C4DBAC0000-0x000002C4DBAE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2132-7-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-9-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-10-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-11-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-12-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-13-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-14-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-15-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-16-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-17-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-18-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-19-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-20-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-21-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-22-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-23-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-24-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-25-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-26-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-27-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-28-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-29-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-30-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-31-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-32-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-33-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2132-34-0x00007FF6DC950000-0x00007FF6DD582000-memory.dmp

    Filesize

    12.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.