edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095 | Triage

Resubmissions

06-12-2022 06:15

221206-gzxv7sbc77 3

02-12-2022 17:00

221202-vjcrzsbc51 10

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 17:00

Sharing

Report Analysis Logs

General

Target

respondents/suspect.cmd
Size

283B
MD5

99838a4fa2fbb0955a78f3fe97212626
SHA1

32a16917424cf9f98ffac8737b8293d268c27aec
SHA256

6ce73c1af6962cd08164173eeab0c367c069c2d0a583ef7f92ddbf3ef3a5bfa9
SHA512

1317ab6f713d897c5f4a445ee476440fe3140b13cc6f40fee4cdbe3f1d6d04c14c7f0ef8f2e83bdecacac1a54e55e87a1ee7547dae49520439379fd99a5215a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1948	1584	cmd.exe	27
PID 1584 wrote to memory of 1948	1584	cmd.exe	27
PID 1584 wrote to memory of 1948	1584	cmd.exe	27

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\respondents\suspect.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads