Overview
overview: 10
Static
static
Claim_VA43/Claim.lnk (windows7-x64): 10
Claim_VA43/Claim.lnk (windows10-2004-x64): 10
Claim_VA43...al.dll (windows7-x64): 10
Claim_VA43...al.dll (windows10-2004-x64): 10
Claim_VA43...ng.cmd (windows7-x64): 1
Claim_VA43...ng.cmd (windows10-2004-x64): 1
Claim_VA43...ll.cmd (windows7-x64): 1
Claim_VA43...ll.cmd (windows10-2004-x64): 1
Analysis
max time kernel: 25s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 05-12-2022 06:26
Static task: static1
Behavioral task behavioral1: Sample Claim_VA43/Claim.lnk, Resource win7-20221111-en
Behavioral task behavioral2: Sample Claim_VA43/Claim.lnk, Resource win10v2004-20221111-en
Behavioral task behavioral3: Sample Claim_VA43/elizabeth/appeal.dll, Resource win7-20220812-en
Behavioral task behavioral4: Sample Claim_VA43/elizabeth/appeal.dll, Resource win10v2004-20220812-en
Behavioral task behavioral5: Sample Claim_VA43/elizabeth/avoiding.cmd, Resource win7-20221111-en
Behavioral task behavioral6: Sample Claim_VA43/elizabeth/avoiding.cmd, Resource win10v2004-20220901-en
Behavioral task behavioral7: Sample Claim_VA43/elizabeth/quill.cmd, Resource win7-20220812-en
Behavioral task behavioral8: Sample Claim_VA43/elizabeth/quill.cmd, Resource win10v2004-20221111-en
General
Target: Claim_VA43/elizabeth/quill.cmd
Size: 289B
MD5: f1dd476ff792c640945a21901988c957
SHA1: 57543ec07ada751d7c104393b0ea33f15f1cbb6f
SHA256: 224cb4a5898c0bd293bd61d89647f59ea0032d59e42ea1945a9e0812a0e83b22
SHA512: 3283b7112f19784f230fe676abbcd07f884793a25fbf0b27f3d0f166e16f9bcb647ad3abd910c3882046d51f1e684cc24704bd5188d4dfbcfc19d6a440dff31a
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description                        pid    process    target process
PID 1928 wrote to memory of 1580   1928   cmd.exe    replace.exe
PID 1928 wrote to memory of 1580   1928   cmd.exe    replace.exe
PID 1928 wrote to memory of 1580   1928   cmd.exe    replace.exe
Downloads
memory/1580-54-0x0000000000000000-mapping.dmp