a5e2bf028e51e0da0f17ad21309a90afde1890690f1efb39535ecaa74b8b56a3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 18:55

Target

Zcash Miner EBWF's 0.3.4b/miner.exe
Size

312KB
MD5

4db0c33744bdc72fdf35ecc5f0297010
SHA1

6a3b664eaf9ad476467b04ed3a04f10226df1e54
SHA256

84dd02debbf2b0c5ed7eebf813305543265e34ec98635139787bf8b882e7c7b4
SHA512

19b09020d259715e803a31dded82c202e54b584a1434fa2a71dd6d5841465c46eac9bd15e54d8279b419e7b90b062b0f91ab97ee946a984552472a6398f8e0bc
SSDEEP

6144:z8PpfHrY0y/uuIJBiRdlJ/ERpBvBd6mmwesimoiWJgAV:MHFhiDvEBL6mm4imoiWJgA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 1628	1844	miner.exe	29
PID 1844 wrote to memory of 1628	1844	miner.exe	29
PID 1844 wrote to memory of 1628	1844	miner.exe	29

C:\Users\Admin\AppData\Local\Temp\Zcash Miner EBWF's 0.3.4b\miner.exe
"C:\Users\Admin\AppData\Local\Temp\Zcash Miner EBWF's 0.3.4b\miner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1628