c8a5e02417285b85da288818cca8a6900122011890fa92c9053787dfb195b8c6 | Triage

Resubmissions

13-09-2022 06:25

220913-g6tr5aafem 10

13-09-2022 06:22

220913-g48s9seha8 5

12-09-2022 18:09

220912-wrkcgahefn 3

Analysis

max time kernel
77s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2022 18:09

Sharing

Report Analysis Logs

General

Target

sample/son/soaring.bat
Size

1KB
MD5

1ea69ad4f52861028172b75ddb554c99
SHA1

865b059fbf29daee94308e62afcaf9e0db3ac428
SHA256

d028ef0de2b8ff13e033a10409cd5f50e9aaaf8cb3ac58d3c9882a3de90e3a90
SHA512

796255e1b844a578cc04a7b372dd9fd203c3a64401c7f2d707edc474bc81158d2a70c080da3799b857e6960e8869b18638a2211f42fcd72e5ccd20803bdfe5c9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 4784	1920	cmd.exe	84
PID 1920 wrote to memory of 4784	1920	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\sample\son\soaring.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\system32\xcopy.exe
  xcopy /s /i /e /h son\enchanting.dat C:\Users\Admin\AppData\Local\Temp\*
  2⤵
  PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads