92286c52cdfec8c784a86b193e0683dbb5308f94f6a0ae15b15e06880d67d26b

Analysis

max time kernel
43s
max time network
109s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
10/10/2022, 15:38

Target

test/mine_ravencoin.bat
Size

142B
MD5

13aa80918b2f80825a0f853716956bf6
SHA1

1385ed978eb4d10afeed89ff8c4a613c60182c65
SHA256

df3aa6e28f9f24895563b3a775ddc77a85930dbc9d35dc6f6998521db0244e13
SHA512

27dfe839957566f53f70f412630168796dc30a9ddca9d50e5fcdcb281da61c2f798eb7df0a1b235b7c5163adc28aba97b73c624f473c3debe5fc08f933537a78

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2024	1076	cmd.exe	28
PID 1076 wrote to memory of 2024	1076	cmd.exe	28
PID 1076 wrote to memory of 2024	1076	cmd.exe	28
PID 2024 wrote to memory of 948	2024	miner.exe	29
PID 2024 wrote to memory of 948	2024	miner.exe	29
PID 2024 wrote to memory of 948	2024	miner.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\test\mine_ravencoin.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Users\Admin\AppData\Local\Temp\test\miner.exe
  miner.exe --algo kawpow --server stratum-ravencoin.flypool.org:3333 --user RVmByzsvZxLD8T4f9b4WRTGs88FNA9Dnja.RTX_2060 --templimit 80
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\test\miner.exe
    "C:\Users\Admin\AppData\Local\Temp\test\miner.exe" --algo kawpow --server stratum-ravencoin.flypool.org:3333 --user RVmByzsvZxLD8T4f9b4WRTGs88FNA9Dnja.RTX_2060 --templimit 80 --watchdog_child_process0
    3⤵
    PID:948