Overview: score 10
Static
ET.lnk, windows7-x64: score 10
ET.lnk, windows10-1703-x64: score 10
ET.lnk, windows10-2004-x64: score 10
developer/...ng.cmd, windows7-x64: score 1
developer/...ng.cmd, windows10-1703-x64: score 1
developer/...ng.cmd, windows10-2004-x64: score 1
developer/inhales.cmd, windows7-x64: score 1
developer/inhales.cmd, windows10-1703-x64: score 1
developer/inhales.cmd, windows10-2004-x64: score 1
developer/...ss.dll, windows7-x64: score 3
developer/...ss.dll, windows10-1703-x64: score 3
developer/...ss.dll, windows10-2004-x64: score 3
Analysis
- max time kernel: 33s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 08-12-2022 14:49
Static task: static1
Behavioral task behavioral1: sample ET.lnk, resource win7-20220812-en
Behavioral task behavioral2: sample ET.lnk, resource win10-20220812-en
Behavioral task behavioral3: sample ET.lnk, resource win10v2004-20220812-en
Behavioral task behavioral4: sample developer/becoming.cmd, resource win7-20220812-en
Behavioral task behavioral5: sample developer/becoming.cmd, resource win10-20220812-en
Behavioral task behavioral6: sample developer/becoming.cmd, resource win10v2004-20220901-en
Behavioral task behavioral7: sample developer/inhales.cmd, resource win7-20220812-en
Behavioral task behavioral8: sample developer/inhales.cmd, resource win10-20220901-en
Behavioral task behavioral9: sample developer/inhales.cmd, resource win10v2004-20220812-en
Behavioral task behavioral10: sample developer/nevertheless.dll, resource win7-20221111-en
Behavioral task behavioral11: sample developer/nevertheless.dll, resource win10-20220901-en
Behavioral task behavioral12: sample developer/nevertheless.dll, resource win10v2004-20221111-en
General
- Target: developer/inhales.cmd
- Size: 299B
- MD5: a662b1f12e5002dff7fb755cd8c091c1
- SHA1: 6c8dd732a29e9ebf36b2fc43a08abe4a5db922ca
- SHA256: a6b5db682703730d7f1a64f9cbe2386bae8c6b2af31549e83eba2458b0db9345
- SHA512: ed525bc09479a0c934997c53713f6d789a7cc43f18cc71424bf0d3e498d4f4c4dff64f534078e9aac165ffebc1db6e717cf50e56502ecbb0c8964235082b3102
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 1520 wrote to memory of 1320 | 1520 | cmd.exe | replace.exe
  PID 1520 wrote to memory of 1320 | 1520 | cmd.exe | replace.exe
  PID 1520 wrote to memory of 1320 | 1520 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1320-54-0x0000000000000000-mapping.dmp