7cc35d1eb6961c962ae9fae96b4564c3f47d17b105af731910afe336f744f8ca | Triage

Analysis

max time kernel
21s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
18-01-2021 15:47

Sharing

Report Analysis Logs

General

Target

mine_aeternity.bat
Size

122B
MD5

8ee582eee932b270d81a9b50968f235d
SHA1

78e1c9674ad0bd46a6b483e4e57d6ee3f12501ce
SHA256

41ba914d255dfd4fe2ed6ab36ec799a0a5a257e4dc291830e16aec3546c37283
SHA512

f479de8b0be0c5ab465bd1d49f4451aa63e83801039db7bc2359e22426011a6ddf447324ac1eb4d3738897421b564904267740367af4d989bdf2d19a0685d61f

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

miner.exe

pid process

1988 miner.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 296 wrote to memory of 1988	296	cmd.exe	miner.exe
PID 296 wrote to memory of 1988	296	cmd.exe	miner.exe
PID 296 wrote to memory of 1988	296	cmd.exe	miner.exe
PID 296 wrote to memory of 1988	296	cmd.exe	miner.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\mine_aeternity.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:296

C:\Users\Admin\AppData\Local\Temp\miner.exe
miner.exe --algo aeternity --server ae.f2pool.com --port 7898 --user ak_v4cBSQhjh8gc49XMmrt1ELXJDA8U7sDZVKhLJiAzjPymVFgFQ
2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-2-0x0000000000000000-mapping.dmp

Download