Resubmissions
05-12-2022 21:32
221205-1dpr9ahe72 10
05-12-2022 21:12
221205-z2lj3abc8x 10
05-12-2022 17:34
221205-v5vvpaeb7t 10
Analysis
- max time kernel: 421s
- max time network: 427s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 05-12-2022 21:12
Static task
static1
Behavioral task
behavioral1
Sample
CX.lnk
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
CX.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
glasses/astrophysics.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
glasses/astrophysics.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
glasses/caitiff.cmd
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
glasses/caitiff.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
glasses/certificated.cmd
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
glasses/certificated.cmd
Resource
win10v2004-20220812-en
General
- Target: glasses/certificated.cmd
- Size: 297B
- MD5: a5d2f0ccad9c55ccc8fb24379a5c2cc8
- SHA1: c5acbaca2dc86b0779a64dd94fd83ec8d612b45d
- SHA256: 51c5b2aad08d5283ef553c4773ae9b8d26eb30ce8e6b59d7c13003f57ce7ae68
- SHA512: 01f4906bc9a1fd70333052370860828f631b1d05ad58b2815dea24363df90f2d2fbb6c285fba6f5890b5830f239291b0e32db5b99b8c839d4872a0f7fbc1cdce
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 1948 wrote to memory of 2024 | 1948 | cmd.exe | replace.exe
PID 1948 wrote to memory of 2024 | 1948 | cmd.exe | replace.exe
PID 1948 wrote to memory of 2024 | 1948 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/2024-54-0x0000000000000000-mapping.dmp