xmrig | 4cf3adf6ecaf8ec4005f6c29e806e68fac011f21c9c1920a4a3efa03e62151e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

894875eba3...67.exe

windows7-x64

8

894875eba3...67.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4cf3adf6ecaf8ec4005f6c29e806e68fac011f21c9c1920a4a3efa03e62151e6
Size

46KB
Sample

241224-xxmkfsvlfp
MD5

957c9a55c5f0c368f3b35186a7cadcef
SHA1

f3c41eeac7815b66fdf0230090cb49e77dd2637a
SHA256

4cf3adf6ecaf8ec4005f6c29e806e68fac011f21c9c1920a4a3efa03e62151e6
SHA512

3a7b88fd6bf0477fe9588291ead883dee3531e866c9b7b7d8c8078f48452899b96768c2b0932f0c9cced7002f5ac53697c74dcbdb02eb5a1f42627aacc261a99
SSDEEP

768:FXXk3THZjCqMC3xByJekL/KKp4LqpqZIZYUmVr2VG4RMLBwhabvEOvcp/SCQ:FXIZj1J3Dy7bpp7pwI2UMl4RyBLvcpO

Score

10^/10

xmrig execution miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

894875eba3d359b0f02b3a4a38de35cfe06dc0633b96a43be14c1c4869b5a667.exe

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

894875eba3d359b0f02b3a4a38de35cfe06dc0633b96a43be14c1c4869b5a667.exe

Resource

win10v2004-20241007-en

xmrig execution miner

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  894875eba3d359b0f02b3a4a38de35cfe06dc0633b96a43be14c1c4869b5a667
- Size
  
  110KB
- MD5
  
  5a465bcb371fb929a0036e6273616d44
- SHA1
  
  33cc1535f7cece4fba12ab2834c370a892d27601
- SHA256
  
  894875eba3d359b0f02b3a4a38de35cfe06dc0633b96a43be14c1c4869b5a667
- SHA512
  
  d4741154e5d3e9a1f6d94200d28f0d379ae3382a10848ab55a26be563e72a55d74c633e1a304501084bd9a1dc882e4b8ae216839a692c247d0006d7f4192e822
- SSDEEP
  
  1536:ErZ2Ycqg5o/iyOybKyzfF95ibIAvKJY2:ErgJqTaypKifF90Pg
Score

10^/10

execution xmrig miner
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xmrigexecutionminer

© 2018-2025

Terms | Privacy