566a9acc2dc021dea88e87291b6a384066ac91b4b04cb4cb13dbe69287f982a9 | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-10-2022 10:49

Sharing

Report Analysis Logs

General

Target

disallowable/missives.cmd
Size

384B
MD5

cc23679a6d228423e5425de92a61818f
SHA1

b44361210f5717575cacd871deda59ae14bb052a
SHA256

0d54088373e1d0ff51f7f9b90ddaf3cc2c973dc7d5b1d5b5ef18a2e496a1059e
SHA512

c404ed7fffd1c0a62aef71b840b357d9044e16a73ab452b7dc5600d2cb8d25e5c4b152cbbdb461aecaa90ae76e3dfa9a3a9ff72a687116c64da9d379dbf6191d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 612	1920	cmd.exe	29
PID 1920 wrote to memory of 612	1920	cmd.exe	29
PID 1920 wrote to memory of 612	1920	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\disallowable\missives.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\system32\replace.exe
  replace C:\Windows\system32\regsv C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads