47961c394d3b03bd1670e702b2ac59071dc54535657c82772e08e0a2d767b7c4 | Triage

Analysis

max time kernel
427s
max time network
1156s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 13:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

mineways/mineways.bat
Size

499B
MD5

a22d95d0020c07099c0498a896a0785b
SHA1

0c0fb428445a7b1207e5e7eceb8ccfad9ee10bf7
SHA256

8f5ca65a0126bc58ee8ba83b50d82bde9ffe0085ba03331960f0ed7535aa1d1a
SHA512

e4717789d3466ae577b71af4f6b52bd41e37993ea3bfde47e30a7c749aeee3f90d22e5cb7a39ff86ec67d5d3edcec0f28b038edb57b14a3bcb5bbc07ec4639f1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 2084	596	cmd.exe	83
PID 596 wrote to memory of 2084	596	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mineways\mineways.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:596
- C:\Users\Admin\AppData\Local\Temp\mineways\Mineways.exe
  mineways.exe -w 700 700 scripting/startup.mwscript
  2⤵
  PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads