2d892e65432b58585112e78deec5750652a25249dd4f56e0fd6d47fe7804baf1 | Triage

Analysis

max time kernel
23s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 12:35

Sharing

Report Analysis Logs

General

Target

Silent Crypto Miner Builder.exe
Size

139KB
MD5

29d9c4a6c0be4ebb665ca5f423da7bdb
SHA1

d22b7b928436ba4f9d7a3a40a6db20a227b57c2a
SHA256

d833831e38738d03ed6156ec458d3252c379cf7c9c986fcfe8626184d3bceafd
SHA512

114e82df03e624ef350a5c71bd05594f9075afce7a2d978ede81a9cc086a9d87fec7884b5f5e7e1b52b8a24741fdaf453033b486b87d79cc599af37162870d0d
SSDEEP

3072:+zIJ3v9gOYQTTwVGKCXH6ZKjjJHYFc778K3o:zJ3vtYQTT6GKCuOr3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1896	2044	Silent Crypto Miner Builder.exe	31
PID 2044 wrote to memory of 1896	2044	Silent Crypto Miner Builder.exe	31
PID 2044 wrote to memory of 1896	2044	Silent Crypto Miner Builder.exe	31

C:\Users\Admin\AppData\Local\Temp\Silent Crypto Miner Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Silent Crypto Miner Builder.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 520
  2⤵
  PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x000007FEF5953000-0x000007FEF5954000-memory.dmp

Filesize
4KB

Download
memory/2044-1-0x000000013FA20000-0x000000013FA46000-memory.dmp

Filesize
152KB

Download
memory/2044-2-0x000007FEF5953000-0x000007FEF5954000-memory.dmp

Filesize
4KB

Download