7cc35d1eb6961c962ae9fae96b4564c3f47d17b105af731910afe336f744f8ca | Triage

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7v20201028
submitted
18-01-2021 15:47

Sharing

Report Analysis Logs

General

Target

mine_btg.bat
Size

131B
MD5

9fd0452636f791144e62add94601834e
SHA1

21abeb78dbcb9491c8e92a387834cc3917d1912f
SHA256

faa338330b521339f9d725b74e610d53b922fc033deb6e486efbbc92a9871404
SHA512

1e582f3ce2cf8a72c33b81fb9d4065e21f4763a1e2f3758e8c409c2ee32d11860c6190bf4300b40243f42de04d585a35bd97e4c59c51407c81809092203049fa

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

miner.exe

pid process

2032 miner.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 792 wrote to memory of 2032	792	cmd.exe	miner.exe
PID 792 wrote to memory of 2032	792	cmd.exe	miner.exe
PID 792 wrote to memory of 2032	792	cmd.exe	miner.exe
PID 792 wrote to memory of 2032	792	cmd.exe	miner.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\mine_btg.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:792

C:\Users\Admin\AppData\Local\Temp\miner.exe
miner.exe --algo 144_5 --pers BgoldPoW --server eu.btgpool.pro --port 1445 --user GZdx44gPVFX7GfeWXA3kyiuXecym3CWGHi.rig0 --pass x
2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2032

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-2-0x0000000000000000-mapping.dmp

Download