Overview (10)
Static
Tasks (badge count in parentheses):
- TE04/Ref.lnk, windows7-x64 (10)
- TE04/Ref.lnk, windows10-2004-x64 (10)
- TE04/syndr...st.cmd, windows7-x64 (1)
- TE04/syndr...st.cmd, windows10-2004-x64 (1)
- TE04/syndr...ta.dll, windows7-x64 (3)
- TE04/syndr...ta.dll, windows10-2004-x64 (3)
- TE04/syndr...la.cmd, windows7-x64 (1)
- TE04/syndr...la.cmd, windows10-2004-x64 (1)

Analysis
- max time kernel: 35s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 07-12-2022 06:46
Static task: static1
Behavioral tasks (task: sample, resource):
- behavioral1: TE04/Ref.lnk, win7-20220812-en
- behavioral2: TE04/Ref.lnk, win10v2004-20220812-en
- behavioral3: TE04/syndrome/destructionist.cmd, win7-20221111-en
- behavioral4: TE04/syndrome/destructionist.cmd, win10v2004-20220812-en
- behavioral5: TE04/syndrome/dicta.dll, win7-20221111-en
- behavioral6: TE04/syndrome/dicta.dll, win10v2004-20220812-en
- behavioral7: TE04/syndrome/dracula.cmd, win7-20220812-en
- behavioral8: TE04/syndrome/dracula.cmd, win10v2004-20220812-en
General
- Target: TE04/syndrome/dracula.cmd
- Size: 308B
- MD5: 7f099ddafbff736bfda8eef8365f20ce
- SHA1: 6474123573496ae56747e8df01b21fe00043289b
- SHA256: 05cf835776fba30791b155a9bdfdb3bc245d3283bf6b844838a8a6938c94aec7
- SHA512: 2a356d3286f32ffdb025b81f871ffef87f65433ed60cced557921a634f9fd1b7fd0ffa05bec9ed46e9ebb000a34c0f69be6954e4ca9f849ca291a5f8c5b181f6
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process):
  PID 1184 wrote to memory of 1860 | 1184 | cmd.exe | replace.exe
  PID 1184 wrote to memory of 1860 | 1184 | cmd.exe | replace.exe
  PID 1184 wrote to memory of 1860 | 1184 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1860-54-0x0000000000000000-mapping.dmp