0259011b71d361d347f20ed51a7f7d528aa1964c63bf4e6de0f4dda783643177 | Triage

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2022, 17:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

desynchronize/steroids.cmd
Size

249B
MD5

4088d826e9d47fa142d5b5f48d39ced6
SHA1

35d677a2f4a5ce9da972a9b131d1c440be248b5e
SHA256

1131f74c585345805b2cee3183727e836fe68d2a3c341e393e16ff99623fa90f
SHA512

84fbf2799c4560be5bd3234582a350abb195473024442e37d68301befbc9687250b4b7012ad93f9bfdfd8635d28601c6fbd93e95d740a2ed9b48e14ec1c74006

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 1676	2608	cmd.exe	83
PID 2608 wrote to memory of 1676	2608	cmd.exe	83

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\desynchronize\steroids.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads