cb72d7878e090cfebd4bf335f4b148471b5a3e359e1eafdc23bef9288b56619e | Triage

Analysis

max time kernel
313s
max time network
329s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 09:36

Sharing

Report Analysis Logs

General

Target

zees/fine.cmd
Size

297B
MD5

1ccf61d45aa4bbab1ed58c19453f60c5
SHA1

d8ef77871bc6e858e6245944c4dd309e8e338104
SHA256

15c4d6c0641726d84b828dc4a39eebfa5ca4b3373af91bab08e6916ded691b90
SHA512

628ed22aa2b24e799ed9e44d5c762e48bac45f04ff3d9eb47e97ec71e4fbf4258eb377730a6ea70804bd31f3d5996cb38aa17f934c83016819b40e055fe019db

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 3196 wrote to memory of 4144 3196 cmd.exe replace.exe
PID 3196 wrote to memory of 4144 3196 cmd.exe replace.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\zees\fine.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:3196

C:\Windows\system32\replace.exe
replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
2⤵
PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4144-132-0x0000000000000000-mapping.dmp

Download