Analysis

  • max time kernel
    150s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2022, 16:24

General

  • Target

    6438/2240.cmd

  • Size

    280B

  • MD5

    7f3a2c24af5b7178f15dba1b2f8041fb

  • SHA1

    b4728f7211c33c50f51633f0d8592565dc13340f

  • SHA256

    414518a02154af5429350f92c9d11616f7520534081746b90dd9be615d9528d4

  • SHA512

    1c4985717619c06d0df3990e270a0bb559548404396d8637679ac189794c1b8e2501dc2c7a40c3a8496f69acdd4c5dde304a81948901dc33acc9d8f5691c4630

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Runs ping.exe (1 TTP, 1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6438\2240.cmd"
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1
      • Runs ping.exe
      PID:3756
    • \??\c:\users\public\re.exe
      c:\\users\\public\\re.exe 6438\jeopardizes.dat
      • Executes dropped EXE
      PID:756

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Public\re.exe

    Filesize

    24KB

    MD5

    b0c2fa35d14a9fad919e99d9d75e1b9e

    SHA1

    8d7c2fd354363daee63e8f591ec52fa5d0e23f6f

    SHA256

    022cb167a29a32dae848be91aef721c74f1975af151807dafcc5ed832db246b7

    SHA512

    a6155e42b605425914d1bf745d9b2b5ed57976e161384731c6821a1f8fa2bc3207a863ae45d6ad371ac82733b72bb024204498baa4fb38ad46c6d7bc52e5a022