db5fabc8aea28952b6e40d35290914963f782d9b568582ae3f795c579218e4ed | Triage

Analysis

max time kernel
54s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07-12-2022 12:08

Sharing

Report Analysis Logs

General

Target

sandstone/beeches.cmd
Size

285B
MD5

57cef882821ede806a862637bae77143
SHA1

afff3356b2b10ed8acab378775d5a3b065293c37
SHA256

6c048dc4238b3e81c65ab176c80bfc34310ddc52efdfe09774e27ac7d2a1bf1d
SHA512

611cf3e1bebd77f94b9be962e843b5fd42d564787562e4c3c6c0ff243a3df352667d7dbf5b8eb9505f03a4de6d273287b1ca20efda562637c50f5fd296465c13

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1252 wrote to memory of 2020	1252	cmd.exe	replace.exe
PID 1252 wrote to memory of 2020	1252	cmd.exe	replace.exe
PID 1252 wrote to memory of 2020	1252	cmd.exe	replace.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\sandstone\beeches.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252

C:\Windows\system32\replace.exe
replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
2⤵
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x0000000000000000-mapping.dmp

Download