Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-1703-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-1703-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-1703-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    181s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-11-2022 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    run.cmd

  • Size

    159B

  • MD5

    bc2545a660518ef0271bdd6a8be3513c

  • SHA1

    ac0e485fe9101774c61a50d81dec32e174795e08

  • SHA256

    f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

  • SHA512

    6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\run.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo f "
      2⤵
        PID:3496
      • C:\Windows\system32\xcopy.exe
        xcopy /h /y \ver123.dll C:\Users\Admin\AppData\Local\Temp\LotOfLibraries.1
        2⤵
          PID:3764
        • C:\Users\Admin\AppData\Local\Temp\autorun.exe
          C:\Users\Admin\AppData\Local\Temp\autorun.exe C:\Users\Admin\AppData\Local\Temp\LotOfLibraries.1,#1
          2⤵
          • Executes dropped EXE
          PID:3080

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\autorun.exe
        Filesize

        67KB

        MD5

        ecb702b8c5650381c0784f1eeabb97bc

        SHA1

        00349303c7185faf3e86df9009281cc8d5b35954

        SHA256

        9cc4ddad2e9ae05a8c5762ba88a13c2b1ee4e25ae98ef01dd041fe35d611da87

        SHA512

        220f136bb47a8cf8f88a3b7680e9a86eeb81aecfdc7d8b63bc6195625592e49a8c4f5aaaaced826720afb36763e9272f4a69906a2cea8b4cae3a082014a405fd

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\autorun.exe
        Filesize

        67KB

        MD5

        ecb702b8c5650381c0784f1eeabb97bc

        SHA1

        00349303c7185faf3e86df9009281cc8d5b35954

        SHA256

        9cc4ddad2e9ae05a8c5762ba88a13c2b1ee4e25ae98ef01dd041fe35d611da87

        SHA512

        220f136bb47a8cf8f88a3b7680e9a86eeb81aecfdc7d8b63bc6195625592e49a8c4f5aaaaced826720afb36763e9272f4a69906a2cea8b4cae3a082014a405fd

        Download Submit
      • memory/3080-118-0x0000000000000000-mapping.dmp
        Download
      • memory/3496-116-0x0000000000000000-mapping.dmp
        Download
      • memory/3764-117-0x0000000000000000-mapping.dmp
        Download