Analysis
-
max time kernel
18s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
07-12-2022 18:19
Static task
static1
Behavioral task
behavioral1
Sample
Ref.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Ref.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
buyer/actualities.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
buyer/actualities.cmd
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
buyer/mobbed.dll
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
buyer/mobbed.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
buyer/persecutes.cmd
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
buyer/persecutes.cmd
Resource
win10v2004-20220901-en
General
-
Target
buyer/actualities.cmd
-
Size
296B
-
MD5
5eac8c4a67043405038fe2c7968a8107
-
SHA1
4873948a0d13dbb8e72dbebf36659f3fc03a82c0
-
SHA256
a68efde0a96c7066dcdfa1557584927fe03be98266c31e70b05caffb5e319080
-
SHA512
707c124e66e85a43dbb60927a36c799345a3fa882e18d4bc5b07078a7c0c0990576f9cea35ee61d7e60287561e9591a849aad9ab871437fca0c4ebc21e38a76d
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 1248 wrote to memory of 1340 | 1248 | cmd.exe | replace.exe
PID 1248 wrote to memory of 1340 | 1248 | cmd.exe | replace.exe
PID 1248 wrote to memory of 1340 | 1248 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1340-54-0x0000000000000000-mapping.dmp