Analysis

  • max time kernel
    91s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-10-2022 16:07

General

  • Target

    6438/1722.cmd

  • Size

    259B

  • MD5

    3c3c6861a7b06edf3d7ab40e6a239eb7

  • SHA1

    f9b416533bcabd4096ab3cd1b138194b0d7bb47f

  • SHA256

    4ce57b83a2c32680ec5c45efc486e38e6985cdcea78593882ce041940014dbfa

  • SHA512

    9830d3370d412d714e395c02b56dd887d162611be83f8aa75db84ee480b5b09d634db24d71a165bdcd346fe7481cf5249dd17ea8ab1c9aa50689f49709616923

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6438\1722.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1
      2⤵
      • Runs ping.exe
      PID:4696
    • \??\c:\users\public\re.exe
      c:\\users\\public\\re.exe 6438\fearfully.dat
      2⤵
      • Executes dropped EXE
      PID:3612

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Remote System Discovery

1
T1018

Downloads

  • C:\Users\Public\re.exe
    Filesize

    24KB

    MD5

    b0c2fa35d14a9fad919e99d9d75e1b9e

    SHA1

    8d7c2fd354363daee63e8f591ec52fa5d0e23f6f

    SHA256

    022cb167a29a32dae848be91aef721c74f1975af151807dafcc5ed832db246b7

    SHA512

    a6155e42b605425914d1bf745d9b2b5ed57976e161384731c6821a1f8fa2bc3207a863ae45d6ad371ac82733b72bb024204498baa4fb38ad46c6d7bc52e5a022

  • memory/3612-133-0x0000000000000000-mapping.dmp
  • memory/4696-132-0x0000000000000000-mapping.dmp