Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...3).bat

windows10-1703-x64

10

TEST POP/S...4).bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...3).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ro.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...3).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...4).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...3).bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...um.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...2).bat

windows10-1703-x64

10

TEST POP/S...ie.bat

windows10-1703-x64

10

TEST POP/S...3).bat

windows10-1703-x64

10

Resubmissions

01/10/2024, 19:23 UTC

241001-x3szeszekf 10

23/09/2024, 10:45 UTC

240923-mteqbsvdkj 10

22/09/2024, 13:14 UTC

240922-qgq5da1flh 10

22/09/2024, 13:13 UTC

240922-qgf96s1eml 10

22/09/2024, 13:12 UTC

240922-qfysts1fjb 10

22/09/2024, 13:12 UTC

240922-qfsa2s1erd 10

22/09/2024, 11:50 UTC

240922-nzne4aybjf 10

22/09/2024, 11:50 UTC

240922-nzmtkaxhrr 10

22/09/2024, 11:50 UTC

240922-nzlw9sxhrp 10

22/09/2024, 11:49 UTC

240922-nzfegsxhqr 10

Analysis

  • max time kernel
    291s
  • max time network
    306s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/09/2024, 13:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEST POP/Start-Salvium - Copie (3).bat

  • Size

    102B

  • MD5

    f6c3ca8b6489dd2343401ed0610a47ce

  • SHA1

    1d6342ce8af33a4ba298d7b5e619502a7dbfe195

  • SHA256

    1496fedb69b8dd719ebe2413ad6d59c5277d928bff1a86df265dee9060a007a0

  • SHA512

    089a357fe5cd949df1b997a52e65fccf2ed2d493b40b86f896a1d79c26b94544a66a4aaba12ee3a7511a721c795a9728011d18d334f6663a563ad0bbbba0ee1b

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 29 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Salvium - Copie (3).bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:380
    • C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
      xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2404

Network

  • flag-us
    DNS
    sal.kryptex.network
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    sal.kryptex.network
    IN A
    Response
    sal.kryptex.network
    IN A
    5.9.61.230
  • flag-us
    DNS
    230.61.9.5.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    230.61.9.5.in-addr.arpa
    IN PTR
    Response
    230.61.9.5.in-addr.arpa
    IN PTR
    static2306195clients your-serverde
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    159.113.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    159.113.53.23.in-addr.arpa
    IN PTR
    Response
    159.113.53.23.in-addr.arpa
    IN PTR
    a23-53-113-159deploystaticakamaitechnologiescom
  • 5.9.61.230:7777
    sal.kryptex.network
    xmrig.exe
    1.4kB
     2.8kB
     14
    12
  • 52.142.223.178:80
    46 B
     1
  • 8.8.8.8:53
    sal.kryptex.network
    dns
    xmrig.exe
    65 B
     81 B
     1
    1

    DNS Request

    sal.kryptex.network

    DNS Response

    5.9.61.230

  • 8.8.8.8:53
    230.61.9.5.in-addr.arpa
    dns
    69 B
     123 B
     1
    1

    DNS Request

    230.61.9.5.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    208.143.182.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    208.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    159.113.53.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    159.113.53.23.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2404-0-0x000001C779920000-0x000001C779940000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-1-0x000001C779970000-0x000001C779990000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-2-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-3-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-4-0x000001C779990000-0x000001C7799B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-5-0x000001C7799B0000-0x000001C7799D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-6-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-8-0x000001C7799B0000-0x000001C7799D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-7-0x000001C779990000-0x000001C7799B0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2404-9-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-10-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-11-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-12-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-13-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-14-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-15-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-16-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-17-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-18-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-19-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-20-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-21-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-22-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-23-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-24-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-25-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-26-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-27-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-28-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-29-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-30-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-31-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-32-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-33-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/2404-34-0x00007FF774870000-0x00007FF7754A2000-memory.dmp

    Filesize

    12.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.