b854bec9bc8a38e7c4e906f6d9696a11695087291ab8deefc2e56f73de08138a | Triage

Analysis

max time kernel
15s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 16:27

Sharing

Report Analysis Logs

General

Target

amended/depressurize.cmd
Size

294B
MD5

4478916ab6a542ba83d159f91d65c49a
SHA1

acf13927bc140cc3ae0e49de3c750adb78600002
SHA256

36754f9a2fe5f46e64976d49b253894de757a5fc9b1d7a81daf45c450529d0ad
SHA512

4ac53a5fbc1114095dba189edb0312fb8f1dd98f11dcf765281e10f977434795ccec172e4091187591006e677081a7c2ef100badefd9eb9504ec07ed69ccc558

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1376	1628	cmd.exe	29
PID 1628 wrote to memory of 1376	1628	cmd.exe	29
PID 1628 wrote to memory of 1376	1628	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\amended\depressurize.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads