Overview (score 10)

Task scores (1-10):
Static: 10
Claim.lnk (windows7-x64): 10
Claim.lnk (windows10-2004-x64): 10
amended/concavity.cmd (windows7-x64): 1
amended/concavity.cmd (windows10-2004-x64): 1
amended/de...ze.cmd (windows7-x64): 1
amended/de...ze.cmd (windows10-2004-x64): 1
amended/unwarmed.dll (windows7-x64): 10
amended/unwarmed.dll (windows10-2004-x64): 10

Resubmissions (each scored 10):
05-12-2022 21:50  221205-1px8rsdf7x
05-12-2022 21:36  221205-1fxwmshg72
05-12-2022 21:13  221205-z2tknsbd2y
02-12-2022 18:49  221202-xgbs1sdc28

Analysis
max time kernel: 433s
max time network: 439s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 05-12-2022 21:13
Static task
static1

Behavioral tasks
behavioral1: Claim.lnk on win7-20221111-en
behavioral2: Claim.lnk on win10v2004-20220812-en
behavioral3: amended/concavity.cmd on win7-20220812-en
behavioral4: amended/concavity.cmd on win10v2004-20221111-en
behavioral5: amended/depressurize.cmd on win7-20220901-en
behavioral6: amended/depressurize.cmd on win10v2004-20221111-en
behavioral7: amended/unwarmed.dll on win7-20221111-en
General
Target: amended/depressurize.cmd
Size: 294B
MD5: 4478916ab6a542ba83d159f91d65c49a
SHA1: acf13927bc140cc3ae0e49de3c750adb78600002
SHA256: 36754f9a2fe5f46e64976d49b253894de757a5fc9b1d7a81daf45c450529d0ad
SHA512: 4ac53a5fbc1114095dba189edb0312fb8f1dd98f11dcf765281e10f977434795ccec172e4091187591006e677081a7c2ef100badefd9eb9504ec07ed69ccc558
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

Process: cmd.exe

description                      pid   process  target process
PID 1204 wrote to memory of 840  1204  cmd.exe  replace.exe
PID 1204 wrote to memory of 840  1204  cmd.exe  replace.exe
PID 1204 wrote to memory of 840  1204  cmd.exe  replace.exe
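The signature table above is the only behavioural evidence in this report. As an added example that is not part of the report or of the sandbox's own code, the Python below parses those flattened rows into records, collapses the three identical events into one entry with a count, and applies a simple triage rule: a script host (cmd.exe here) writing into a different process is a process-injection lead (ATT&CK T1055) to be checked against the downloaded memory dump, not a verdict on its own, because a parent also writes into a child it has just started. The row grammar, the SCRIPT_HOSTS set and the extra svchost.exe row are assumptions of the example.

```python
"""Triage of sandbox 'wrote to memory of' IoC rows (added example, not report output).

Assumptions (not from the report): the row grammar below, the SCRIPT_HOSTS set, and
the hypothetical svchost.exe row used to show a row that is *not* flagged.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the three rows shown in the signature table above, plus one
# hypothetical row (svchost.exe -> svchost.exe) that the rule should leave alone.
SAMPLE_ROWS = [
    "PID 1204 wrote to memory of 840 1204 cmd.exe replace.exe",
    "PID 1204 wrote to memory of 840 1204 cmd.exe replace.exe",
    "PID 1204 wrote to memory of 840 1204 cmd.exe replace.exe",
    "PID 4242 wrote to memory of 4243 4242 svchost.exe svchost.exe",  # hypothetical
]

# Grammar of one flattened row: "<description> <pid> <process> <target process>",
# where the description itself reads "PID <src> wrote to memory of <dst>".
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<target>\S+)$"
)

# Script hosts whose writes into another process are worth a look.
# This set is an assumption for the example, not something the report states.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class MemoryWrite:
    source_pid: int
    target_pid: int
    source_image: str
    target_image: str


def parse_row(row: str) -> MemoryWrite:
    """Turn one flattened IoC row into a MemoryWrite; reject malformed rows."""
    m = ROW_RE.match(row.strip())
    if m is None:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    if m["src"] != m["pid"]:
        # The description and the pid column must agree; otherwise the table is garbled.
        raise ValueError(f"pid mismatch in row: {row!r}")
    return MemoryWrite(int(m["src"]), int(m["dst"]), m["proc"].lower(), m["target"].lower())


def count_writes(rows):
    """Collapse repeated identical rows into (MemoryWrite, count) pairs, input order kept."""
    counts = Counter(parse_row(r) for r in rows)
    return list(counts.items())


def triage(rows):
    """Flag cross-process writes whose source is a script host. Returns finding dicts."""
    findings = []
    for write, n in count_writes(rows):
        if write.source_image in SCRIPT_HOSTS and write.source_pid != write.target_pid:
            findings.append({
                "source": f"{write.source_image} (pid {write.source_pid})",
                "target": f"{write.target_image} (pid {write.target_pid})",
                "events": n,
                "attack": "T1055",  # Process Injection; confirm against the memory dump
                "note": "a parent writing into a child it just started also happens during "
                        "ordinary process creation: inspect the dumped region before "
                        "calling it injection",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(finding)
```

Run against the report's three rows, the rule yields one finding (cmd.exe pid 1204 into replace.exe pid 840, 3 events); the hypothetical svchost.exe row is parsed but not flagged, since svchost.exe is not in the script-host set.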
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/840-54-0x0000000000000000-mapping.dmp