ac738b061845ca506d186c7749080cdbf443f859e2b551dd0402474b2604b249 | Triage

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-12-2022 13:45

Sharing

Report Analysis Logs

General

Target

mollusks/countersink.cmd
Size

334B
MD5

9d6b53c58320a436a8cba81ed2b36578
SHA1

2b9d3193b70cac52897aef536257f52cf268c47f
SHA256

19c18ff61c211c419b5bcacfed5b1f8b0dcf9ea4629f1f42c7c96fe791724342
SHA512

3f7f9ac263947eb287abe2f3698a5d109cb77ea3f52a545a8984257ed2ad0f38d2a92a799522166f1b78eccc724db91d3f0864184634937f66eeb110dfbc3296

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1724 wrote to memory of 1180	1724	cmd.exe	replace.exe
PID 1724 wrote to memory of 1180	1724	cmd.exe	replace.exe
PID 1724 wrote to memory of 1180	1724	cmd.exe	replace.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\mollusks\countersink.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1180-54-0x0000000000000000-mapping.dmp

Download