b78da1eba668f0abe0da971a07aa5f90a1f7e2e378d7af507d4e4110cac64f11

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17/10/2022, 15:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

juggles.cmd
Size

287B
MD5

efe57aed27c2bbf4838b50159ea2d681
SHA1

b13e4a69874867d0de66d5fa836bfab2eeee74f6
SHA256

b86d813aedba63d8d3c2a926790838180adbf941187595cbb0ad6686b8599509
SHA512

e711875f47f7a4bcbbe2cdea145bdb42dcae4ef303300a8e8bd9991d9b9b85a19c64046daf563d96d3906c526b22ad429d9a6d7060a189eace6e826815a3f62f

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
944	PING.EXE

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
968	regsvr32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 968	1672	cmd.exe	28
PID 1672 wrote to memory of 968	1672	cmd.exe	28
PID 1672 wrote to memory of 968	1672	cmd.exe	28
PID 1672 wrote to memory of 968	1672	cmd.exe	28
PID 1672 wrote to memory of 968	1672	cmd.exe	28
PID 1672 wrote to memory of 944	1672	cmd.exe	29
PID 1672 wrote to memory of 944	1672	cmd.exe	29
PID 1672 wrote to memory of 944	1672	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\juggles.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\regsvr32.exe
  C:\Windows\\\\\\system32\\\\\\regsvr32.exe oslo\sag.dat
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:968
- C:\Windows\system32\PING.EXE
  ping google.com
  2⤵
  - Runs ping.exe
  PID:944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-55-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp

Filesize
8KB

Download