Analysis
max time kernel: 49s
max time network: 71s
platform: windows10-1703_x64
resource: win10-20220901-es
resource tags: arch:x64 arch:x86 image:win10-20220901-es locale:es-es os:windows10-1703-x64 system windows
submitted: 08-12-2022 16:15
Static task
static1
Behavioral task
behavioral1
Sample
RR.lnk
Resource
win10-20220812-es
windows10-1703-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
unutterably/felons.cmd
Resource
win10-20220812-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
unutterably/offered.cmd
Resource
win10-20220901-es
windows10-1703-x64
1 signatures
150 seconds
General
Target: unutterably/offered.cmd
Size: 295B
MD5: 9673b66b99505d53c42d4a7e1fc4f034
SHA1: d0bb45562f93e8776eedd2789718b82822ffd597
SHA256: cebf4e464cc6623e3c72f593ec96888032a1266085fdc215e436650e3dbeca5f
SHA512: 43a0fab7fcf24aebcac3cfe48564b6f7f298e66be9d21cf1c544edf120f584f60ca271fae8878774c0f541f68b24cc02c492d3a0711e3494fda38087f0d05bc9
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 2 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 2804 wrote to memory of 1928 | 2804 | cmd.exe | replace.exe
PID 2804 wrote to memory of 1928 | 2804 | cmd.exe | replace.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1928-120-0x0000000000000000-mapping.dmp