Overview

Task                      Platform             Score
overview (Overview)       -                    10
static (Static)           -
ET.lnk                    windows7-x64         10
ET.lnk                    windows10-2004-x64   10
startles/alwinton.cmd     windows7-x64         1
startles/alwinton.cmd     windows10-2004-x64   1
startles/beriberi.cmd     windows7-x64         1
startles/beriberi.cmd     windows10-2004-x64   1
startles/racially.dll     windows7-x64         3
startles/racially.dll     windows10-2004-x64   3

Analysis
- max time kernel: 29s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 08-12-2022 09:54
Static task
- static1

Behavioral tasks
- behavioral1: Sample ET.lnk, Resource win7-20220812-en
- behavioral2: Sample ET.lnk, Resource win10v2004-20221111-en
- behavioral3: Sample startles/alwinton.cmd, Resource win7-20220812-en
- behavioral4: Sample startles/alwinton.cmd, Resource win10v2004-20221111-en
- behavioral5: Sample startles/beriberi.cmd, Resource win7-20220812-en
- behavioral6: Sample startles/beriberi.cmd, Resource win10v2004-20221111-en
- behavioral7: Sample startles/racially.dll, Resource win7-20221111-en
- behavioral8: Sample startles/racially.dll, Resource win10v2004-20220812-en
General
- Target: startles/alwinton.cmd
- Size: 288B
- MD5: 0abf85f95180bd65217f7112c72afc47
- SHA1: 2effde89bfe8c13998152bdf0061ae87111c8696
- SHA256: 559252146892a488e408ed0bf05d2b610f1f097bc3fa8431e1b44b25415cb3e8
- SHA512: b97bdb62ef3034de81ac46693b835e400525260f9af1438a290b6e911335128b3d054dc9a43790a0dfcbe4d5666454296b651d2d16ee5aad913356f7374448df
Malware Config

Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe

  description                        pid    process    target process
  PID 1964 wrote to memory of 964    1964   cmd.exe    replace.exe
  PID 1964 wrote to memory of 964    1964   cmd.exe    replace.exe
  PID 1964 wrote to memory of 964    1964   cmd.exe    replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/964-54-0x0000000000000000-mapping.dmp