Analysis

  • max time kernel
    34s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-11-2022 13:27

General

  • Target

    belts/bivouac.cmd

  • Size

    285B

  • MD5

    d2d9ea79fe58f7fc8be9b1234c1106fe

  • SHA1

    172e84c7479c4389ed6f3657cbf7b8876126a650

  • SHA256

    72bd84e0bf325f285cd493ff27bd0566e90b9f17ce4e8481f4cc1374330e1607

  • SHA512

    0cba630a38046da996377ba46dac287c31344f8f38e1a406bcaa58406d641030e16d12dfa19c29210fcfbe647af407f5647fe674b398501a078a7525dbfa364c

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\belts\bivouac.cmd"
    1
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Windows\system32\replace.exe
      replace C:\Windows\\32\\l32.exe C:\Users\Admin\AppData\Local\Temp /A
      2
      PID:1492

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1492-54-0x0000000000000000-mapping.dmp