2ebaeeec8d4f6b267d466e1ea0cbcd3e356f422c76f063c26d56131f951d5723 | Triage

Analysis

max time kernel
52s
max time network
149s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
08-12-2022 16:20

Sharing

Report Analysis Logs

General

Target

unutterably/offered.cmd
Size

295B
MD5

9673b66b99505d53c42d4a7e1fc4f034
SHA1

d0bb45562f93e8776eedd2789718b82822ffd597
SHA256

cebf4e464cc6623e3c72f593ec96888032a1266085fdc215e436650e3dbeca5f
SHA512

43a0fab7fcf24aebcac3cfe48564b6f7f298e66be9d21cf1c544edf120f584f60ca271fae8878774c0f541f68b24cc02c492d3a0711e3494fda38087f0d05bc9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 2888 wrote to memory of 4828 2888 cmd.exe replace.exe
PID 2888 wrote to memory of 4828 2888 cmd.exe replace.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\unutterably\offered.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888

C:\Windows\system32\replace.exe
replace C:\Windows\\32\\r32.exe C:\Users\Admin\AppData\Local\Temp /A
2⤵
PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-119-0x0000000000000000-mapping.dmp

Download