b0e9cc8b694fe777386ad45946a5da490da5eb8788cc0429ed952a29048b7b54 | Triage

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2022 13:02

Sharing

Report Analysis Logs

General

Target

unnautical/compassionable.cmd
Size

279B
MD5

54f90e2c06e60852d3f75385d6e6f648
SHA1

413c32edcdede34138bdd9d224fe7f9b649c9149
SHA256

cc770c3b6d2b8e62d640cdb1628cc6bdbe533dfe0e79f4be5721967a87e0536c
SHA512

521f76128948d3f550dc01cef6bb51cb5bc42f0984ed2fa0fb3e8e38f7c9c34bb49872439f1b1646b121ea24dcd283460bba53c76875e0c93d6e71b05125faf5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 528 wrote to memory of 2616 528 cmd.exe replace.exe
PID 528 wrote to memory of 2616 528 cmd.exe replace.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\unnautical\compassionable.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:528

C:\Windows\system32\replace.exe
replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
2⤵
PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2616-132-0x0000000000000000-mapping.dmp

Download