Analysis

  • max time kernel
    15s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2022 16:27

General

  • Target

    amended/depressurize.cmd

  • Size

    294B

  • MD5

    4478916ab6a542ba83d159f91d65c49a

  • SHA1

    acf13927bc140cc3ae0e49de3c750adb78600002

  • SHA256

    36754f9a2fe5f46e64976d49b253894de757a5fc9b1d7a81daf45c450529d0ad

  • SHA512

    4ac53a5fbc1114095dba189edb0312fb8f1dd98f11dcf765281e10f977434795ccec172e4091187591006e677081a7c2ef100badefd9eb9504ec07ed69ccc558

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\amended\depressurize.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\system32\replace.exe
      replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
      2⤵
        PID:1376

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1376-54-0x0000000000000000-mapping.dmp