0887131efe1dfe5e47fe7a699982c05dc7f466c22be28a6e67d1a374ef8ee9c0 | Triage

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31/10/2022, 14:13

Sharing

Report Analysis Logs

General

Target

secretion.cmd
Size

373B
MD5

b6ddb373262b3c63c8fb064548515099
SHA1

bdd181f3a1a8999445dc2fa827c02c8aefadb492
SHA256

0887131efe1dfe5e47fe7a699982c05dc7f466c22be28a6e67d1a374ef8ee9c0
SHA512

e77449fe9aa4604c49ec38c925de00b8cba10d92003449e4f996125a09e54efdbd73f08d83dccf22eec0233c98edf17a321009f40d0cbc0c37ffe0f6a59b7fed

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 272 wrote to memory of 1972	272	cmd.exe	29
PID 272 wrote to memory of 1972	272	cmd.exe	29
PID 272 wrote to memory of 1972	272	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\secretion.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:272
- C:\Windows\system32\replace.exe
  replace C:\Windows\\system32\\regs C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads