Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ro.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...4).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...um.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...2).bat

windows11-21h2-x64

10

TEST POP/S...ie.bat

windows11-21h2-x64

10

TEST POP/S...3).bat

windows11-21h2-x64

10

Resubmissions

01/10/2024, 19:23 UTC

241001-x3szeszekf 10

23/09/2024, 10:45 UTC

240923-mteqbsvdkj 10

22/09/2024, 13:14 UTC

240922-qgq5da1flh 10

22/09/2024, 13:13 UTC

240922-qgf96s1eml 10

22/09/2024, 13:12 UTC

240922-qfysts1fjb 10

22/09/2024, 13:12 UTC

240922-qfsa2s1erd 10

22/09/2024, 11:50 UTC

240922-nzne4aybjf 10

22/09/2024, 11:50 UTC

240922-nzmtkaxhrr 10

22/09/2024, 11:50 UTC

240922-nzlw9sxhrp 10

22/09/2024, 11:49 UTC

240922-nzfegsxhqr 10

Analysis

  • max time kernel
    1790s
  • max time network
    1765s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/10/2024, 19:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TEST POP/Start-Salvium - Copie (2) - Copie - Copie.bat

  • Size

    102B

  • MD5

    f6c3ca8b6489dd2343401ed0610a47ce

  • SHA1

    1d6342ce8af33a4ba298d7b5e619502a7dbfe195

  • SHA256

    1496fedb69b8dd719ebe2413ad6d59c5277d928bff1a86df265dee9060a007a0

  • SHA512

    089a357fe5cd949df1b997a52e65fccf2ed2d493b40b86f896a1d79c26b94544a66a4aaba12ee3a7511a721c795a9728011d18d334f6663a563ad0bbbba0ee1b

Score
10/10
xmrigminer

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 63 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TEST POP\Start-Salvium - Copie (2) - Copie - Copie.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Users\Admin\AppData\Local\Temp\TEST POP\xmrig.exe
      xmrig.exe -a rx/0 --url "sal.kryptex.network:7777" --user scallorphee@gmail.com -p x -k
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4908

Network

  • flag-us
    DNS
    sal.kryptex.network
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    sal.kryptex.network
    IN A
    Response
    sal.kryptex.network
    IN A
    5.9.61.230
  • flag-us
    DNS
    230.61.9.5.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    230.61.9.5.in-addr.arpa
    IN PTR
    Response
    230.61.9.5.in-addr.arpa
    IN PTR
    static2306195clients your-serverde
  • flag-us
    DNS
    nexusrules.officeapps.live.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    nexusrules.officeapps.live.com
    IN A
    Response
    nexusrules.officeapps.live.com
    IN CNAME
    prod.nexusrules.live.com.akadns.net
    prod.nexusrules.live.com.akadns.net
    IN A
    52.111.227.13
  • flag-us
    DNS
    self.events.data.microsoft.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    self.events.data.microsoft.com
    IN A
    Response
    self.events.data.microsoft.com
    IN CNAME
    self-events-data.trafficmanager.net
    self-events-data.trafficmanager.net
    IN CNAME
    onedscolprdeus10.eastus.cloudapp.azure.com
    onedscolprdeus10.eastus.cloudapp.azure.com
    IN A
    52.168.117.169
  • flag-us
    DNS
    169.117.168.52.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    169.117.168.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ctldl.windowsupdate.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    ctldl.windowsupdate.com.delivery.microsoft.com
    ctldl.windowsupdate.com.delivery.microsoft.com
    IN CNAME
    wu-b-net.trafficmanager.net
    wu-b-net.trafficmanager.net
    IN CNAME
    download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net
    IN CNAME
    a767.dspw65.akamai.net
    a767.dspw65.akamai.net
    IN A
    2.20.12.94
    a767.dspw65.akamai.net
    IN A
    2.20.12.97
  • flag-us
    DNS
    ocsp.digicert.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    ocsp.digicert.com
    IN A
    Response
    ocsp.digicert.com
    IN CNAME
    ocsp.edge.digicert.com
    ocsp.edge.digicert.com
    IN CNAME
    fp2e7a.wpc.2be4.phicdn.net
    fp2e7a.wpc.2be4.phicdn.net
    IN CNAME
    fp2e7a.wpc.phicdn.net
    fp2e7a.wpc.phicdn.net
    IN A
    192.229.221.95
  • flag-us
    DNS
    94.12.20.2.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    94.12.20.2.in-addr.arpa
    IN PTR
    Response
    94.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-94deploystaticakamaitechnologiescom
  • flag-us
    DNS
    ctldl.windowsupdate.com
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    ctldl.windowsupdate.com
    IN A
    Response
    ctldl.windowsupdate.com
    IN CNAME
    ctldl.windowsupdate.com.delivery.microsoft.com
    ctldl.windowsupdate.com.delivery.microsoft.com
    IN CNAME
    wu-b-net.trafficmanager.net
    wu-b-net.trafficmanager.net
    IN CNAME
    download.windowsupdate.com.edgesuite.net
    download.windowsupdate.com.edgesuite.net
    IN CNAME
    a767.dspw65.akamai.net
    a767.dspw65.akamai.net
    IN A
    2.23.210.88
    a767.dspw65.akamai.net
    IN A
    2.23.210.83
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • 5.9.61.230:7777
    sal.kryptex.network
    xmrig.exe
    6.6kB
     12.4kB
     87
    75
  • 8.8.8.8:53
    sal.kryptex.network
    dns
    xmrig.exe
    699 B
     1.7kB
     10
    10

    DNS Request

    sal.kryptex.network

    DNS Response

    5.9.61.230

    DNS Request

    230.61.9.5.in-addr.arpa

    DNS Request

    nexusrules.officeapps.live.com

    DNS Response

    52.111.227.13

    DNS Request

    self.events.data.microsoft.com

    DNS Response

    52.168.117.169

    DNS Request

    169.117.168.52.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    2.20.12.94
    2.20.12.97

    DNS Request

    ocsp.digicert.com

    DNS Response

    192.229.221.95

    DNS Request

    94.12.20.2.in-addr.arpa

    DNS Request

    ctldl.windowsupdate.com

    DNS Response

    2.23.210.88
    2.23.210.83

    DNS Request

    88.210.23.2.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4908-0-0x000002448E6D0000-0x000002448E6F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-1-0x000002448E720000-0x000002448E740000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-2-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-3-0x0000024490000000-0x0000024490020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-4-0x0000024490020000-0x0000024490040000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-5-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-6-0x0000024490000000-0x0000024490020000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-7-0x0000024490020000-0x0000024490040000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4908-8-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-9-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-10-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-11-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-12-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-13-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-14-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-15-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-16-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-17-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-18-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-19-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-20-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-21-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-22-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-23-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-24-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-25-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-26-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-27-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-28-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-29-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-30-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-31-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-32-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-33-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-34-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-35-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-36-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-37-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-38-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-39-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-40-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-41-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-42-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-43-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-44-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-45-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-46-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-47-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-48-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-49-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-50-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-51-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-52-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-53-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-54-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-55-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-56-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-57-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-58-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-59-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-60-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-61-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-62-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-63-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-64-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-65-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-66-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-67-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

  • memory/4908-68-0x00007FF6CEEA0000-0x00007FF6CFAD2000-memory.dmp

    Filesize

    12.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.