a06c213833ae57fff7d9c67495e6430f6a9f89f5950b2806da8df0753a0e20e4 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/11/2022, 05:43

Sharing

Report Analysis Logs

General

Target

pressurization/interceptor.cmd
Size

249B
MD5

221f639bf156503df810cdd2a0f9ce7a
SHA1

3bcf125292e4cb291bee30aff997fb5845e610f0
SHA256

f7682618aeb86bea1438a62d1676b864395c088c1c5eaa9a288685ce8cebc8fc
SHA512

4a8ee0c8dec0d77abdad253aee54f4a7e9cd1658e1488a994ba1059df0a335bede38d3f31a6291089337b795310caaf07132c71d6bc39fd53327233cedfe0270

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 852	1096	cmd.exe	28
PID 1096 wrote to memory of 852	1096	cmd.exe	28
PID 1096 wrote to memory of 852	1096	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\pressurization\interceptor.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads