xmrig | 3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...d5.exe

windows7-x64

JaffaCakes...d5.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5
Size

11.8MB
Sample

241224-3na3ys1jgy
MD5

a5816f6bba79d7761d42ee61d8bd11f5
SHA1

90c05a7427b077fbe81c34fd6fc4f2e6bc608558
SHA256

3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5
SHA512

51c794ce8569c367f475ffb85c15f5efa10c5ea7da86b1336fbeb1cab2fcf5468a26feed252a2fe5eaa5a376a9ae9bd5f87d9b28cc90580e6e98b3d242076eda
SSDEEP

196608:kF7gX0Meai3sCD1yjXEypazPx7WVacovyq6aejL+jGD71iEHiaJzZvdE+cZLIAfr:kF7oxeOOy9ajx0rq+jL+aD5iORdKZMkr

Score

10^/10

xmrig discovery miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5.exe

Resource

win7-20240903-en

xmrig discovery miner

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5.exe

Resource

win10v2004-20241007-en

xmrig discovery miner

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5
- Size
  
  11.8MB
- MD5
  
  a5816f6bba79d7761d42ee61d8bd11f5
- SHA1
  
  90c05a7427b077fbe81c34fd6fc4f2e6bc608558
- SHA256
  
  3680374ad10154284b2416650dc1580d1dc17fa17571becd25f5480fc29a14d5
- SHA512
  
  51c794ce8569c367f475ffb85c15f5efa10c5ea7da86b1336fbeb1cab2fcf5468a26feed252a2fe5eaa5a376a9ae9bd5f87d9b28cc90580e6e98b3d242076eda
- SSDEEP
  
  196608:kF7gX0Meai3sCD1yjXEypazPx7WVacovyq6aejL+jGD71iEHiaJzZvdE+cZLIAfr:kF7oxeOOy9ajx0rq+jL+aD5iORdKZMkr
Score

10^/10

xmrig discovery miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigdiscoveryminer

behavioral2

xmrigdiscoveryminer

© 2018-2025

Terms | Privacy