7cc35d1eb6961c962ae9fae96b4564c3f47d17b105af731910afe336f744f8ca | Triage

Analysis

max time kernel
58s
max time network
61s
platform
windows7_x64
resource
win7v20201028
submitted
18-01-2021 15:47

Sharing

Report Analysis Logs

General

Target

mine_beam.bat
Size

150B
MD5

107582a877da4aee283b320ec2d94311
SHA1

b1987c7f0a80bb72648ee3eac67a41914d069373
SHA256

5f29b2190f2e8ce78600f5c02e1ff1e30434c561f540c61bd06baeb3c2127fb8
SHA512

5a673abf76191fe43ed37380723c1ad93569c31d23b8890d42f4a287be525459aa377e1674b7a4f08b1aa11d92816b9e038010d4f1c78a5ab1c8e91f51cc70b5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

miner.exe

pid process

1228 miner.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1668 wrote to memory of 1228	1668	cmd.exe	miner.exe
PID 1668 wrote to memory of 1228	1668	cmd.exe	miner.exe
PID 1668 wrote to memory of 1228	1668	cmd.exe	miner.exe
PID 1668 wrote to memory of 1228	1668	cmd.exe	miner.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\mine_beam.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\miner.exe
miner.exe --algo 150_5 --server beam.sparkpool.com --port 2222 --ssl 1 --user 100fd5cb7f85d33f74ef78f89e78cd0d5a63fc4965476eea4f77f024a57d99fa55.rig0
2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1228

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1228-2-0x0000000000000000-mapping.dmp

Download