Tasks (sample, platform, score):
HG.lnk (windows7-x64): score 10
HG.lnk (windows10-2004-x64): score 10
discoverie...rs.cmd (windows7-x64): score 1
discoverie...rs.cmd (windows10-2004-x64): score 1
discoveries/erect.dll (windows7-x64): score 1
discoveries/erect.dll (windows10-2004-x64): score 1
discoveries/pests.cmd (windows7-x64): score 1
discoveries/pests.cmd (windows10-2004-x64): score 1

Resubmissions (submitted, analysis id, score):
05-12-2022 21:51, 221205-1qneysag86: score 10
05-12-2022 21:11, 221205-z1sa8abc2y: score 10
05-12-2022 21:02, 221205-zvs1kaaf4t: score 10
05-12-2022 19:59, 221205-yqdjmsbd53: score 10

Analysis
max time kernel: 132s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-12-2022 19:59
Static task static1
Behavioral task behavioral1: sample HG.lnk, resource win7-20220812-en
Behavioral task behavioral2: sample HG.lnk, resource win10v2004-20220812-en
Behavioral task behavioral3: sample discoveries/dispersers.cmd, resource win7-20220812-en
Behavioral task behavioral4: sample discoveries/dispersers.cmd, resource win10v2004-20220812-en
Behavioral task behavioral5: sample discoveries/erect.dll, resource win7-20220901-en
Behavioral task behavioral6: sample discoveries/erect.dll, resource win10v2004-20220812-en
Behavioral task behavioral7: sample discoveries/pests.cmd, resource win7-20220812-en
Behavioral task behavioral8: sample discoveries/pests.cmd, resource win10v2004-20220812-en
General
Target: discoveries/erect.dll
Size: 667KB
MD5: e8d95feadab525fb0d43b040a02e05ab
SHA1: 1e22feca8821afccc712455b6bce10dfdc95728a
SHA256: c6887e515b36694e8e738c0df7610014e084bcce80ee13c998087471daf039a4
SHA512: f154e2e188fd96e3a20c713a07f3afed35e96810e8810616b1bb86ee1677d9ceb4eaae0a9b52066442e04c489e6395b59f642bf83976b4c68caea0c5b9bd6b9d
SSDEEP: 6144:JxE9vbMKBWrQXhjXNkXWaw0SeUK/SZmtoLOAuUW4xSY2H6+5tjesNMjuX+yM3H59:nV6Wrg9NqGcUKajSYu5tjz5niH9km
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description | pid | process | target process):
PID 900 wrote to memory of 1260 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 1260 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 1260 | 900 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1260-132-0x0000000000000000-mapping.dmp