Overview
overview  10
Static
static
HG.lnk  windows7-x64  10
HG.lnk  windows10-2004-x64  10
discoverie...rs.cmd  windows7-x64  1
discoverie...rs.cmd  windows10-2004-x64  1
discoveries/erect.dll  windows7-x64  1
discoveries/erect.dll  windows10-2004-x64  1
discoveries/pests.cmd  windows7-x64  1
discoveries/pests.cmd  windows10-2004-x64  1

Resubmissions
05-12-2022 21:51  221205-1qneysag86  10
05-12-2022 21:11  221205-z1sa8abc2y  10
05-12-2022 21:02  221205-zvs1kaaf4t  10
05-12-2022 19:59  221205-yqdjmsbd53  10

Analysis
- max time kernel: 24s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 05-12-2022 19:59

Static task
- static1

Behavioral tasks
- behavioral1: Sample HG.lnk, Resource win7-20220812-en
- behavioral2: Sample HG.lnk, Resource win10v2004-20220812-en
- behavioral3: Sample discoveries/dispersers.cmd, Resource win7-20220812-en
- behavioral4: Sample discoveries/dispersers.cmd, Resource win10v2004-20220812-en
- behavioral5: Sample discoveries/erect.dll, Resource win7-20220901-en
- behavioral6: Sample discoveries/erect.dll, Resource win10v2004-20220812-en
- behavioral7: Sample discoveries/pests.cmd, Resource win7-20220812-en
- behavioral8: Sample discoveries/pests.cmd, Resource win10v2004-20220812-en

General
- Target: discoveries/dispersers.cmd
- Size: 291B
- MD5: 0113de80cf8c28384998b91527148ca4
- SHA1: 24a2564b57b49dcf65402a776422173aa8b2b86a
- SHA256: feb1857e7ce32fbee82dfa8a0f4d53deed9a7ea841122cd4a8c84c5d43c61439
- SHA512: eefb2612b57921bbc8fcf80ae7ceb61844f2a509d03e3e19a02d9736dd63f5d1bde735c552e990d5332e874d8394ed442fb1c94fb13dc17eba172de96c63e007

Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 884 wrote to memory of 916 | 884 | cmd.exe | replace.exe
PID 884 wrote to memory of 916 | 884 | cmd.exe | replace.exe
PID 884 wrote to memory of 916 | 884 | cmd.exe | replace.exe

Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/916-54-0x0000000000000000-mapping.dmp