tria.ge (2606:4700:4400::ac40:9370) Public Scan

URL: https://tria.ge/241013-g81cpatbjc
Submission: On December 18 via api from IN — Scanned from US


GENERAL

 * Target: 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c.exe
 * Size: 10.5MB
 * Sample: 241013-g81cpatbjc
 * MD5: 356279b22763084935165ad080b0ae9a
 * SHA1: 90877794babb6b77add711b1c4d422229e86cb8b
 * SHA256: 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c
 * SHA512: 0a0f8772dcdd7de924f4544fc7f2a11bfd9bcab6db462c2367b393936a2d109c154a77028530cfbf5118c2c8e3125cfe84e753f136a58c004ac053c7f8072d73
 * SSDEEP: 196608:lLdF2/rYqrt2P5M6X8wvmOwfiQr+5oSJkT:lpM/rYqrkxHvGWoSM

Score: 10/10

Tags: xmrig, evasion, execution, miner, persistence

Static task

 * static1: 1 signature

Behavioral task

 * behavioral1
   Sample: 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c.exe
   Resource: win7-20241010-en
   Platform: windows7-x64
   Tags: xmrig, evasion, execution, miner, persistence
   13 signatures, 150 seconds

Behavioral task

 * behavioral2
   Sample: 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c.exe
   Resource: win10v2004-20241007-en
   Platform: windows10-2004-x64
   Tags: xmrig, evasion, execution, miner, persistence
   11 signatures, 150 seconds

MALWARE CONFIG



TARGETS

 * Target: 4635a9149c53a2fbc072ceb338351d3b149e093cd43163e01d629bb016f8cd7c.exe (10.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under GENERAL)
   Score: 10/10
   Tags: xmrig, evasion, execution, miner, persistence

   * XMRIG: XMRig is a high performance, open source, cross platform CPU/GPU miner. Tags: miner, xmrig
   * XMRIG MINER PAYLOAD. Tags: miner
   * CREATES NEW SERVICE(S). Tags: persistence, execution
   * STOPS RUNNING SERVICE(S). Tags: evasion, execution
   * EXECUTES DROPPED EXE
   * LOADS DROPPED DLL
   * POWER SETTINGS: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down. Tags: persistence
   * SUSPICIOUS USE OF SETTHREADCONTEXT

   Observed in tasks: behavioral1, behavioral2


MITRE ATT&CK ENTERPRISE V15

 * Execution
   * T1569 System Services: 2
     * T1569.002 Service Execution: 2
 * Persistence
   * T1543 Create or Modify System Process: 2
     * T1543.003 Windows Service: 2
   * T1653 Power Settings: 1
 * Privilege Escalation
   * T1543 Create or Modify System Process: 2
     * T1543.003 Windows Service: 2
 * Defense Evasion
   * T1562 Impair Defenses: 1
 * Impact
   * T1489 Service Stop: 1

No techniques were mapped under Reconnaissance, Resource Development, Initial Access, Credential Access, Discovery, Lateral Movement, Collection, Command and Control or Exfiltration.

TASKS

 * STATIC1: Score 3/10
 * BEHAVIORAL1: Score 10/10. Tags: xmrig, evasion, execution, miner, persistence
 * BEHAVIORAL2: Score 10/10. Tags: xmrig, evasion, execution, miner, persistence



