f95cb76a09441b4e542f5403c9a82c1d57ed0c81e8fc1826d468c3894f38d3ae

max time kernel
359s
max time network
362s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hellminer_win64/mining scall - Copie (19).bat
Size

103B
MD5

ffc337b7e0abc99d25b115c1cfda4d8e
SHA1

16ea2a287fbce134a0ad3fdf4529c611829407bf
SHA256

95af3604e348fff77415e5dbafcd085fd05d94838567a193d0cfa4b9700a2319
SHA512

cc7582878812438019c0b0959276a325b175663161280080f789fa9416af1382e5d78a91d1b126e6b8811f8af4a4f114f14289fe0c4f8547bfdbbde79d97b6ae

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2632	hellminer.exe
2632	hellminer.exe
2632	hellminer.exe
2632	hellminer.exe
2632	hellminer.exe
2632	hellminer.exe
2632	hellminer.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 1988	1144	cmd.exe	31
PID 1144 wrote to memory of 1988	1144	cmd.exe	31
PID 1144 wrote to memory of 1988	1144	cmd.exe	31
PID 1988 wrote to memory of 2632	1988	hellminer.exe	32
PID 1988 wrote to memory of 2632	1988	hellminer.exe	32
PID 1988 wrote to memory of 2632	1988	hellminer.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\hellminer_win64\mining scall - Copie (19).bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\hellminer_win64\hellminer.exe
  hellminer.exe -c stratum+tcp://na.luckpool.net:3956 -u RP8SNudJuHRv3GJsxb2LJBrKxQKRdKoHL3.scallink -p x
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Users\Admin\AppData\Local\Temp\hellminer_win64\hellminer.exe
    hellminer.exe -c stratum+tcp://na.luckpool.net:3956 -u RP8SNudJuHRv3GJsxb2LJBrKxQKRdKoHL3.scallink -p x
    3⤵
    - Loads dropped DLL
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
c3408e38a69dc84d104ce34abf2dfe5b

SHA1
8c01bd146cfd7895769e3862822edb838219edab

SHA256
0bf0f70bd2b599ed0d6c137ce48cf4c419d15ee171f5faeac164e3b853818453

SHA512
aa47871bc6ebf02de3fe1e1a4001870525875b4f9d4571561933ba90756c17107ddf4d00fa70a42e0ae9054c8a2a76d11f44b683d92ffd773cab6cdc388e9b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19882\ucrtbase.dll

Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
1f72ba20e6771fe77dd27a3007801d37

SHA1
db0eb1b03f742ca62eeebca6b839fdb51f98a14f

SHA256
0ae3ee32f44aaed5389cc36d337d57d0203224fc6808c8a331a12ec4955bb2f4

SHA512
13e802aef851b59e609bf1dbd3738273ef6021c663c33b61e353b489e7ba2e3d3e61838e6c316fbf8a325fce5d580223cf6a9e61e36cdca90f138cfd7200bb27

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
75ef38b27be5fa07dc07ca44792edcc3

SHA1
7392603b8c75a57857e5b5773f2079cb9da90ee9

SHA256
659f3321f272166f0b079775df0abdaf1bc482d1bcc66f42cae08fde446eb81a

SHA512
78b485583269b3721a89d4630d746a1d9d0488e73f58081c7bdc21948abf830263e6c77d9f31a8ad84ecb5ff02b0922cb39f3824ccd0e0ed026a5e343a8427bc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
a55abf3646704420e48c8e29ccde5f7c

SHA1
c2ac5452adbc8d565ad2bc9ec0724a08b449c2d8

SHA256
c2f296dd8372681c37541b0ca8161b4621037d5318b7b8c5346cf7b8a6e22c3e

SHA512
c8eb3ec20821ae4403d48bb5dbf2237428016f23744f7982993a844c53ae89d06f86e03ab801e5aee441a83a82a7c591c0de6a7d586ea1f8c20a2426fced86f0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
e8af200a0127e12445eb8004a969fc1d

SHA1
a770fe20e42e2bef641c0591c0e763c1c8ba404d

SHA256
64d1ca4ead666023681929d86db26cfd3c70d4b2e521135205a84001d25187db

SHA512
a49b1ce5faf98af719e3a02cd1ff2a7ced1afc4fbf7483beab3f65487d79acc604a0db7c6ee21e45366e93f03fb109126ef00716624c159f1c35e4c100853eaf

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads