xmrig | ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...72.exe

windows7-x64

JaffaCakes...72.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372
Size

5.5MB
Sample

241224-ng7e9awlgt
MD5

ac1db2e5e852112f8a4e8405842a0bb8
SHA1

de44037d60b513ef07d58165304844ca845492eb
SHA256

ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372
SHA512

1d0638c28a2383597a3c728b79e3967a9ca4e949ef1709cc1854fb96d3e2c7904e888ad78d8472d8cec2101caf8cd0100a55c2d5575c1e1a04b10836651317fb
SSDEEP

98304:k2im1GVdUS4liwtcr07coc20OBR7diTUcOZWL7QcDoPjhPc8RjAyIKOQoa1:kSwz4liwtZcoc6ldSkK2AyHOQn

Score

10^/10

xmrig execution miner upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372.exe

Resource

win7-20241023-en

xmrig execution miner upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372.exe

Resource

win10v2004-20241007-en

xmrig execution miner upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372
- Size
  
  5.5MB
- MD5
  
  ac1db2e5e852112f8a4e8405842a0bb8
- SHA1
  
  de44037d60b513ef07d58165304844ca845492eb
- SHA256
  
  ae90d6fabc9bea021dcb788a0c5320b0aea8784d8ea0d1dafa90827545ccb372
- SHA512
  
  1d0638c28a2383597a3c728b79e3967a9ca4e949ef1709cc1854fb96d3e2c7904e888ad78d8472d8cec2101caf8cd0100a55c2d5575c1e1a04b10836651317fb
- SSDEEP
  
  98304:k2im1GVdUS4liwtcr07coc20OBR7diTUcOZWL7QcDoPjhPc8RjAyIKOQoa1:kSwz4liwtZcoc6ldSkK2AyHOQn
Score

10^/10

xmrig execution miner upx
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xmrigexecutionminerupx

behavioral2

xmrigexecutionminerupx

© 2018-2025

Terms | Privacy