87e345cf62178d24cf0a91c136fa06468e5fafb88173f93c8ff3ad7f17b66cb7 | Triage

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2022 16:15

Sharing

Report Analysis Logs

General

Target

obediences/bide.cmd
Size

420B
MD5

57ca313686a484c166c7444a286af29c
SHA1

7f17c854aa8dae032eed8ff83a426761f1e5ccf9
SHA256

59f6563750f9108680e6f850a444c61c5506a27fa44f6df41bfe237508a03084
SHA512

5700a797190e11b97d07aabf3e4a11139e45b2879ed56bd3de793224a32c6808de5982e7e434d4f1a0af5d6aefdf2435ebe5fcc43a6ee749de8af1e483526dad

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1164	hello.com

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1164	2276	cmd.exe	79
PID 2276 wrote to memory of 1164	2276	cmd.exe	79

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\obediences\bide.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\hello.com
  C:\Users\Admin\AppData\Local\Temp\hello.com obediences\salient.dat,DllRegisterServer
  2⤵
  - Executes dropped EXE
  PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hello.com

Filesize
70KB

MD5
ef3179d498793bf4234f708d3be28633

SHA1
dd399ae46303343f9f0da189aee11c67bd868222

SHA256
b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa

SHA512
02aff154762d7e53e37754f878ce6aa3f4df5a1eb167e27f13d9762dced32bec892bfa3f3314e3c6dce5998f7d3c400d7d0314b9326eedcab72207c60b3d332e

Download Submit
memory/1164-132-0x0000000000000000-mapping.dmp

Download