ce9113fc983ed9c41944321711d228aa57a536294b7180e407dc2f9dc17bb4ad | Triage

Analysis

max time kernel
11s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07-12-2022 16:11

Sharing

Report Analysis Logs

General

Target

engendering/suite.cmd
Size

314B
MD5

c5307a3a6319b241a7e15f64f7562701
SHA1

18262674ec55508d7639c816d052bf67c6059ba3
SHA256

2a65f7c44630717f90ab75328cfaa056db2feafebfe88be842a9d4a72a616922
SHA512

632f445d95e1e08ad7790d914283ba40a845b55e38a09653141d943c621f219a446f80e600bf31db1deb9741f0331ca866a231b1a4e0c3de2553a4673ff7accc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2032 wrote to memory of 972	2032	cmd.exe	replace.exe
PID 2032 wrote to memory of 972	2032	cmd.exe	replace.exe
PID 2032 wrote to memory of 972	2032	cmd.exe	replace.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\engendering\suite.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\system32\replace.exe
replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
2⤵
PID:972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-54-0x0000000000000000-mapping.dmp

Download