Analysis
max time kernel: 166s
max time network: 188s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/10/2022, 15:00
Static task: static1
Behavioral task: behavioral1; Sample: Calculation.lnk; Resource: win7-20220812-en
Behavioral task: behavioral2; Sample: Calculation.lnk; Resource: win10v2004-20220901-en
Behavioral task: behavioral3; Sample: vertices/asteroidal.cmd; Resource: win7-20220812-en
Behavioral task: behavioral4; Sample: vertices/asteroidal.cmd; Resource: win10v2004-20220812-en
Behavioral task: behavioral5; Sample: vertices/bombshell.dll; Resource: win7-20220901-en
General
Target: vertices/asteroidal.cmd
Size: 332B
MD5: 9e7110cb49cd0ad0737cb98e1b272e33
SHA1: 8737ac297dc9093c06439f45393ff5baadde85f6
SHA256: 6335a5ca91f6ec7212ccae34e63d1f42ab86c56537deb1c5bc3a32f250f3c936
SHA512: 97d06d807e378029580313acabfc31a4490a9318f2bdb9291d3ffa532d5b8040bb4f2b535d447f25b1cb57bcc62b7ce56570edd81b6bd37237be78632c0afe6c
Malware Config
Signatures
Runs ping.exe (1 TTPs, 1 IoCs)
  pid: 4856; Process: PING.EXE
Suspicious use of WriteProcessMemory (2 IoCs)
  description: PID 2888 wrote to memory of 4856; pid: 2888; Process: cmd.exe; procid_target: 20
  description: PID 2888 wrote to memory of 4856; pid: 2888; Process: cmd.exe; procid_target: 20