Analysis
- max time kernel: 11s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 07-12-2022 16:11
Static task: static1
Behavioral task: behavioral1 (Sample: Ref.lnk; Resource: win10-20220812-en)
Behavioral task: behavioral2 (Sample: Ref.lnk; Resource: win7-20221111-en)
Behavioral task: behavioral3 (Sample: engendering/catenary.dll; Resource: win10-20220901-en)
Behavioral task: behavioral4 (Sample: engendering/catenary.dll; Resource: win7-20221111-en)
Behavioral task: behavioral5 (Sample: engendering/exiting.cmd; Resource: win10-20220812-en)
Behavioral task: behavioral6 (Sample: engendering/exiting.cmd; Resource: win7-20221111-en)
Behavioral task: behavioral7 (Sample: engendering/suite.cmd; Resource: win10-20220812-en)
Behavioral task: behavioral8 (Sample: engendering/suite.cmd; Resource: win7-20221111-en)
General
- Target: engendering/suite.cmd
- Size: 314B
- MD5: c5307a3a6319b241a7e15f64f7562701
- SHA1: 18262674ec55508d7639c816d052bf67c6059ba3
- SHA256: 2a65f7c44630717f90ab75328cfaa056db2feafebfe88be842a9d4a72a616922
- SHA512: 632f445d95e1e08ad7790d914283ba40a845b55e38a09653141d943c621f219a446f80e600bf31db1deb9741f0331ca866a231b1a4e0c3de2553a4673ff7accc
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                        pid    process    target process
  PID 2032 wrote to memory of 972    2032   cmd.exe    replace.exe
  PID 2032 wrote to memory of 972    2032   cmd.exe    replace.exe
  PID 2032 wrote to memory of 972    2032   cmd.exe    replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/972-54-0x0000000000000000-mapping.dmp