Overview
overview: 10

Static
static

order.lnk, windows7-x64: 3
order.lnk, windows10-2004-x64: 3
year/day.jpg, windows7-x64: 3
year/day.jpg, windows10-2004-x64: 3
year/make.dll, windows7-x64: 10
year/make.dll, windows10-2004-x64: 10
year/new.gif, windows7-x64: 1
year/new.gif, windows10-2004-x64: 1
year/worker.cmd, windows7-x64: 1
year/worker.cmd, windows10-2004-x64: 1
year/worker.js, windows7-x64: 1
year/worker.js, windows10-2004-x64: 1

Analysis
- max time kernel: 90s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220414-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/07/2022, 21:21

Static task: static1
Behavioral task: behavioral1, Sample: order.lnk, Resource: win7-20220718-en
Behavioral task: behavioral2, Sample: order.lnk, Resource: win10v2004-20220715-en
Behavioral task: behavioral3, Sample: year/day.jpg, Resource: win7-20220715-en
Behavioral task: behavioral4, Sample: year/day.jpg, Resource: win10v2004-20220414-en
Behavioral task: behavioral5, Sample: year/make.dll, Resource: win7-20220715-en
Behavioral task: behavioral6, Sample: year/make.dll, Resource: win10v2004-20220414-en
Behavioral task: behavioral7, Sample: year/new.gif, Resource: win7-20220718-en
Behavioral task: behavioral8, Sample: year/new.gif, Resource: win10v2004-20220718-en
Behavioral task: behavioral9, Sample: year/worker.cmd, Resource: win7-20220718-en
Behavioral task: behavioral10, Sample: year/worker.cmd, Resource: win10v2004-20220414-en
Behavioral task: behavioral11, Sample: year/worker.js, Resource: win7-20220715-en
Behavioral task: behavioral12, Sample: year/worker.js, Resource: win10v2004-20220715-en

General
- Target: year/worker.cmd
- Size: 37B
- MD5: 63443438bf83dd836dd7bbceeb8c12e7
- SHA1: ecb596c586df703899daa9e0171c78e390b2838d
- SHA256: 55bda51c360dce97cf9549e46bef50b3b11dfb1396d4caa86bfb16932a5f7ee5
- SHA512: eb72df11bea6d7f5d1fefaff9036b93c638a254690fa588356b8c2caa66e38ec48cbbd3100666bcfb31b7782a3981fbdc075d196ad65d8beef20bd8cba7aa0a5
Malware Config
Signatures
- Runs ping.exe (1 TTPs, 1 IoCs)
  pid: 4112, Process: PING.EXE
- Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 5004 wrote to memory of 4112, pid: 5004, Process: cmd.exe, procid_target: 80
  description: PID 5004 wrote to memory of 4112, pid: 5004, Process: cmd.exe, procid_target: 80