Overview

overview

3

Static

static

3

mineways/Mineways.exe

windows11-21h2-x64

1

mineways/T...er.exe

windows11-21h2-x64

1

mineways/T...er.exe

windows11-21h2-x64

1

mineways/d...y.html

windows11-21h2-x64

3

mineways/d...t.html

windows11-21h2-x64

3

mineways/d...s.html

windows11-21h2-x64

3

mineways/d...x.html

windows11-21h2-x64

3

mineways/d...s.html

windows11-21h2-x64

3

mineways/d...e.html

windows11-21h2-x64

3

mineways/d...ipt.js

windows11-21h2-x64

3

mineways/d...g.html

windows11-21h2-x64

3

mineways/d...s.html

windows11-21h2-x64

3

mineways/f...32.exe

windows11-21h2-x64

3

mineways/mineways.bat

windows11-21h2-x64

1

mineways/m...og.bat

windows11-21h2-x64

1

mineways/m...ug.bat

windows11-21h2-x64

1

mineways/m...ds.bat

windows11-21h2-x64

1

mineways/s...map.py

windows11-21h2-x64

3

mineways/s...es.bat

windows11-21h2-x64

1

mineways/s...te.bat

windows11-21h2-x64

1

mineways/s...eld.py

windows11-21h2-x64

3

mineways/s...ker.py

windows11-21h2-x64

3

mineways/s...aps.py

windows11-21h2-x64

3

mineways/s...ap.bat

windows11-21h2-x64

1

mineways/s...or.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    419s
  • max time network
    1153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/08/2024, 13:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    mineways/scripting/export_and_annotate.bat

  • Size

    428B

  • MD5

    36d78bdff7da5708076b1d7d23782d15

  • SHA1

    c81596e5c637125eb681cb4d06def08809f28961

  • SHA256

    7d655944a70362b674b83e2b6145efdbe8a0da233b6e6c5c0afce6b3cccddcd1

  • SHA512

    ac0f530d751d6a545429c15e7c4763f010df7dbbaf1b746424c1eb55558395479c1601c141f829e921e5e935c8d77a7ce1ba9bf962c54e4204e428e3e73e6027

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mineways\scripting\export_and_annotate.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      python annotate_map.py
      2⤵
        PID:4492

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads