Overview
Task / Sample             Platform              Score
Overview (overview)       -                     10
Static (static)           -                     -
Document.lnk              windows7-x64          3
Document.lnk              windows10-2004-x64    3
belts/bivouac.cmd         windows7-x64          1
belts/bivouac.cmd         windows10-2004-x64    1
belts/eclectic.cmd        windows7-x64          1
belts/eclectic.cmd        windows10-2004-x64    1
belts/trampling.dll       windows7-x64          10
belts/trampling.dll       windows10-2004-x64    10
Analysis
- max time kernel: 34s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 11-11-2022 13:27
Task          Sample                Resource
static1       -                     -
behavioral1   Document.lnk          win7-20220901-en
behavioral2   Document.lnk          win10v2004-20220812-en
behavioral3   belts/bivouac.cmd     win7-20220812-en
behavioral4   belts/bivouac.cmd     win10v2004-20220901-en
behavioral5   belts/eclectic.cmd    win7-20220812-en
behavioral6   belts/eclectic.cmd    win10v2004-20220812-en
behavioral7   belts/trampling.dll   win7-20220812-en
General
- Target: belts/bivouac.cmd
- Size: 285B
- MD5: d2d9ea79fe58f7fc8be9b1234c1106fe
- SHA1: 172e84c7479c4389ed6f3657cbf7b8876126a650
- SHA256: 72bd84e0bf325f285cd493ff27bd0566e90b9f17ce4e8481f4cc1374330e1607
- SHA512: 0cba630a38046da996377ba46dac287c31344f8f38e1a406bcaa58406d641030e16d12dfa19c29210fcfbe647af407f5647fe674b398501a078a7525dbfa364c
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description                        pid   process   target process
PID 748 wrote to memory of 1492    748   cmd.exe   replace.exe
PID 748 wrote to memory of 1492    748   cmd.exe   replace.exe
PID 748 wrote to memory of 1492    748   cmd.exe   replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1492-54-0x0000000000000000-mapping.dmp
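As an added example (not part of this report or of the sandbox's own tooling), the following Python turns the WriteProcessMemory rows from the Signatures section and the dump filename from Downloads into structured records, collapses the repeated IoC rows into one writer-to-target edge with a count, and checks that the dumped PID is the process that was written to. The row layout "PID <writer> wrote to memory of <target> <pid> <process> <target process>" and the dump-name layout memory/<pid>-<seq>-<address>-mapping.dmp are inferred from the lines on this page, not taken from a documented schema; the sample strings are constructed from those lines.

```python
"""Parse WriteProcessMemory IoC rows and memory-dump names from a sandbox
report and correlate them. Added example; formats are inferred from the
report text above, not from a published schema."""
import re
from collections import Counter

# Constructed sample: the flattened Signatures row exactly as it appears on the page.
SAMPLE_SIGNATURE = (
    "cmd.exe description pid process target process "
    "PID 748 wrote to memory of 1492 748 cmd.exe replace.exe "
    "PID 748 wrote to memory of 1492 748 cmd.exe replace.exe "
    "PID 748 wrote to memory of 1492 748 cmd.exe replace.exe"
)
# Constructed sample: the Downloads entry from the page.
SAMPLE_DUMPS = ["memory/1492-54-0x0000000000000000-mapping.dmp"]

# Assumed row layout: description, then pid, process, target process columns.
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<process>\S+)\s+(?P<target>\S+)"
)
# Assumed dump-name layout: memory/<pid>-<seq>-<base address>-mapping.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<base>0x[0-9a-fA-F]+)-mapping\.dmp"
)


def parse_write_iocs(text):
    """Return one record per 'wrote to memory of' row found anywhere in text."""
    rows = []
    for m in IOC_RE.finditer(text):
        # The pid column should repeat the writer PID named in the description.
        if m["src"] != m["pid"]:
            raise ValueError(f"pid column {m['pid']} disagrees with description PID {m['src']}")
        rows.append({
            "writer_pid": int(m["pid"]),
            "writer": m["process"],
            "target_pid": int(m["dst"]),
            "target": m["target"],
        })
    return rows


def collapse_edges(rows):
    """Collapse repeated rows into (writer pid, writer, target pid, target) -> count."""
    return dict(Counter(
        (r["writer_pid"], r["writer"], r["target_pid"], r["target"]) for r in rows
    ))


def parse_dumps(names):
    """Return records for dump filenames that match the assumed layout."""
    dumps = []
    for name in names:
        m = DUMP_RE.fullmatch(name)
        if m:
            dumps.append({
                "file": name,
                "pid": int(m["pid"]),
                "seq": int(m["seq"]),
                "base": int(m["base"], 16),
            })
    return dumps


def match_dumps_to_targets(rows, dumps):
    """Attach the image name of the written-to process to each dump of that PID."""
    image_by_pid = {r["target_pid"]: r["target"] for r in rows}
    return [dict(d, image=image_by_pid[d["pid"]]) for d in dumps if d["pid"] in image_by_pid]


if __name__ == "__main__":
    rows = parse_write_iocs(SAMPLE_SIGNATURE)
    for edge, count in collapse_edges(rows).items():
        print(f"{edge[1]} ({edge[0]}) -> {edge[3]} ({edge[2]}): {count} write IoC(s)")
    for d in match_dumps_to_targets(rows, parse_dumps(SAMPLE_DUMPS)):
        print(f"{d['file']} is a dump of {d['image']} (pid {d['pid']})")
```

Run against this report, the three identical rows collapse to a single cmd.exe (748) to replace.exe (1492) edge, and the one dump in Downloads resolves to replace.exe, the process that received the writes. Feeding a whole report's text to parse_write_iocs also works when the rows are fused onto one line, as they are above, because the pattern is matched with finditer rather than per line.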