Overview
overview | 10
Static
static
Claim.lnk | windows7-x64 | 10
Claim.lnk | windows10-2004-x64 | 10
undampened...ul.dll | windows7-x64 | 10
undampened...ul.dll | windows10-2004-x64 | 10
undampened...ly.cmd | windows7-x64 | 1
undampened...ly.cmd | windows10-2004-x64 | 1
undampened...ly.cmd | windows7-x64 | 1
undampened...ly.cmd | windows10-2004-x64 | 1
Resubmissions
05-12-2022 21:11 | 221205-z14z1sbc4z | 10
05-12-2022 21:02 | 221205-zvg83aae9z | 10
05-12-2022 20:55 | 221205-zqp34sab9t | 10
Analysis
- max time kernel: 602s
- max time network: 635s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 05-12-2022 21:11
Static task
static1
Behavioral tasks
behavioral1 | Sample: Claim.lnk | Resource: win7-20220812-en
behavioral2 | Sample: Claim.lnk | Resource: win10v2004-20220901-en
behavioral3 | Sample: undampened/purposeful.dll | Resource: win7-20221111-en
behavioral4 | Sample: undampened/purposeful.dll | Resource: win10v2004-20221111-en
behavioral5 | Sample: undampened/reassembly.cmd | Resource: win7-20221111-en
behavioral6 | Sample: undampened/reassembly.cmd | Resource: win10v2004-20221111-en
behavioral7 | Sample: undampened/risibly.cmd | Resource: win7-20221111-en
behavioral8 | Sample: undampened/risibly.cmd | Resource: win10v2004-20220812-en
General
- Target: undampened/reassembly.cmd
- Size: 285B
- MD5: 0e1d1b53085414be80108431a3ee03ec
- SHA1: 23d01d536acdf7d9cfaabcf97c63ad435652e6da
- SHA256: d25cf833e6fb446b1c38fee115eb1a1bfb70657ada48f5f20dce799ddade625f
- SHA512: 3ed5af192d5d95be221c279c256c404128a2ef9ac70f48057e5db671566ddbf371d953d45616e29fc6e4008a04c51fa3c3743a388bee03f91a7a5594209a279d
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
cmd.exe
description | pid | process | target process
PID 1628 wrote to memory of 616 | 1628 | cmd.exe | replace.exe
PID 1628 wrote to memory of 616 | 1628 | cmd.exe | replace.exe
PID 1628 wrote to memory of 616 | 1628 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/616-54-0x0000000000000000-mapping.dmp