IOC Report
NetworkMiner.exe


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| NetworkMiner.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NetworkMiner.exe_f281b5b9790767443dd1fe78f62f2e72e01496_05459224_085896d0-69e2-4d70-bfc8-b0551cfee7f6\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0A2.tmp.dmp | Mini DuMP crash report, 16 streams, Sun Nov 24 02:49:15 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERA18E.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1BE.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\NetworkMiner.exe | "C:\Users\user\Desktop\NetworkMiner.exe" | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6380 -s 840 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://github.com/xnih/satori/ | unknown | |
| https://team.vxstream-sandbox.com/ | unknown | |
| https://sslbl.abuse.ch/blacklist/ | unknown | |
| https://lcamtuf.coredump.cx/p0f3/ | unknown | |
| https://sectigo.com/CPS0 | unknown | |
| https://netresec.com/?b=228fddfcUnable | unknown | |
| http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | unknown | |
| http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | unknown | |
| http://ocsp.sectigo.com0 | unknown | |
| https://www.netresec.com/?page=NetworkMiner | unknown | |
| https://github.com/hdm/mac-ages | unknown | |
| http://www.netresec.com/?page=NetworkMiner-Writing | unknown | |
| https://www.netresec.com/ | unknown | |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | unknown | |
| https://gchq.github.io/CyberChef/#input= | unknown | |
| http://upx.sf.net | unknown | |
| https://localhost=System.Net | unknown | |
| http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | unknown | |

Registry

Path (shared by every entry below; none flagged malicious):
\REGISTRY\A\{09c8f4a6-20e9-3629-2442-a5e01fa3ccd9}\Root\InventoryApplicationFile\networkminer.exe|1fa6f9ff29084ad7

Values:
ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, Usn

Memdumps

| Base Address | Region type | Protect | Malicious |
| --- | --- | --- | --- |