Analysis
max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted
02-12-2022 11:06
Static task
static1
Behavioral task
behavioral1
Sample
IRS_Form_12-01-9/Scan.lnk
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
IRS_Form_12-01-9/Scan.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
IRS_Form_12-01-9/wiglid/foeZv.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
IRS_Form_12-01-9/wiglid/foeZv.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
IRS_Form_12-01-9/wiglid/laborsaving.dll
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
IRS_Form_12-01-9/wiglid/laborsaving.dll
Resource
win10v2004-20221111-en
General
Target
IRS_Form_12-01-9/wiglid/foeZv.cmd
Size
1KB
MD5
b5459c0fe4204241778525745d7b0a4c
SHA1
4e8a41c6b36fb0f3bdc9d76b231c43924bb29779
SHA256
ba1f1006aa00426a49734c8964ade417880788a7dbd92ec828705ea0bbdfcdbc
SHA512
41ae13b28fb583aaed892bae735817f653caa8246c435e55dc96874b04f0222b1f35065b0bd9ba9305194a297d8c752043fa916c48751cf9bc1d899d82f77067
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 1368 wrote to memory of 1756 | 1368 | cmd.exe | xcopy.exe
PID 1368 wrote to memory of 1756 | 1368 | cmd.exe | xcopy.exe
PID 1368 wrote to memory of 1756 | 1368 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1756-54-0x0000000000000000-mapping.dmp