59ecb6df9323759a5fabdb241c905ecd378133252cb59b4ea3acdabb6862bcdd | Triage

Analysis

max time kernel
4s
max time network
1737s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-10-2024 16:40

Sharing

Reason

Machine shutdown

Report Analysis Logs

General

Target

11.bat
Size

133B
MD5

60e4e4a6a04bf9b24f72f2d5294c7788
SHA1

30b1680b594c0ddcb371f09c4b30756e9c0d07ca
SHA256

f282927bb4a5e1b042cc1178bfa4af5d15ec8f982e2299b87baea21bc29077b3
SHA512

86d6b5a70763f5f91b311c8081982aebf64168c06bd1e2eaa29a8a52398b6a3fdfc43fdefc65abb335f1cf27fc9c5a6dd19c3274f79c1001c22b4cac4b8a0c52

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/memory/1952-0-0x00007FF7C4A40000-0x00007FF7C50C7000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1952	cpuminer-sse2.exe
Token: SeLockMemoryPrivilege	1952	cpuminer-sse2.exe
Token: SeLockMemoryPrivilege	1952	cpuminer-sse2.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1952	2124	cmd.exe	81
PID 2124 wrote to memory of 1952	2124	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\11.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
  cpuminer-sse2.exe -a yespowerTIDE -o stratum+tcp://stratum-eu.rplant.xyz:7059 -u TD368ah8Kuzn2quR7g6r8sUYbsVvKzwpyc --cpu-priority 5
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-0-0x00007FF7C4A40000-0x00007FF7C50C7000-memory.dmp

Filesize
6.5MB

Download