Overview

overview

7

Static

static

1

coinbase/a...er.jar

windows7-x64

1

coinbase/a...er.jar

windows10-2004-x64

1

coinbase/a...radlew

ubuntu-18.04-amd64

1

coinbase/a...radlew

debian-9-armhf

1

coinbase/a...radlew

debian-9-mips

1

coinbase/a...radlew

debian-9-mipsel

1

coinbase/a...ew.bat

windows7-x64

1

coinbase/a...ew.bat

windows10-2004-x64

7

coinbase/i...rks.sh

ubuntu-18.04-amd64

1

coinbase/i...rks.sh

debian-9-armhf

1

coinbase/i...rks.sh

debian-9-mips

1

coinbase/i...rks.sh

debian-9-mipsel

1

coinbase/l...out.js

windows7-x64

3

coinbase/l...out.js

windows10-2004-x64

3

coinbase/l...een.js

windows7-x64

3

coinbase/l...een.js

windows10-2004-x64

3

coinbase/l...age.js

windows7-x64

3

coinbase/l...age.js

windows10-2004-x64

3

coinbase/l...ets.js

windows7-x64

3

coinbase/l...ets.js

windows10-2004-x64

3

coinbase/l...out.js

windows7-x64

3

coinbase/l...out.js

windows10-2004-x64

3

coinbase/l...ler.js

windows7-x64

3

coinbase/l...ler.js

windows10-2004-x64

3

coinbase/m...dow.js

windows7-x64

3

coinbase/m...dow.js

windows10-2004-x64

3

coinbase/w...x.html

windows7-x64

3

coinbase/w...x.html

windows10-2004-x64

3

Analysis

  • max time kernel
    239s
  • max time network
    241s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    coinbase/android/gradlew.bat

  • Size

    2KB

  • MD5

    375ddea382b6c56a7be2a967a20e0ab5

  • SHA1

    cf68b95a4029e352fe1ee002bb367ac1b686f9ad

  • SHA256

    c13c6e91b9a517783976de213d46398c661ea9e17651376d7301e839eaedcc62

  • SHA512

    c5d220b758d961bcd8fb28eb285e2a163bb72636aaebc12d2ed6d240fd25707e9ab45c9558621c5d0f1efc5d400c7473ba1422ab0a28e50b941a5ff4b168815b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\coinbase\android\gradlew.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\system32\java.exe
      java.exe -version
      2⤵
        PID:2272
      • C:\Windows\system32\java.exe
        "java.exe" "-Dorg.gradle.appname=gradlew" -classpath "C:\Users\Admin\AppData\Local\Temp\coinbase\android\\gradle\wrapper\gradle-wrapper.jar" org.gradle.wrapper.GradleWrapperMain
        2⤵
          PID:2748

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2272-2-0x0000000002770000-0x00000000029E0000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2272-11-0x00000000001E0000-0x00000000001E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2272-12-0x0000000002770000-0x00000000029E0000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2748-15-0x00000000026B0000-0x0000000002920000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2748-25-0x0000000000340000-0x0000000000341000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2748-27-0x0000000000340000-0x0000000000341000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2748-28-0x00000000026B0000-0x0000000002920000-memory.dmp

        Filesize

        2.4MB

        Download