6655718d3b33ff0e9c8bab83b6da44d0e026488b284e60116f1b252b5e82620c | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
12-12-2022 09:07

Sharing

Report Analysis Logs

General

Target

iced2/secgymoddkid/sewala.cmd
Size

1KB
MD5

74fc76546fb2b58c5fe05b97c3354059
SHA1

805b4c605ff6f2cd9bc38ba502983b20fea4f297
SHA256

9311f2af0242350be45d18dcbf52e8477c052239ef9244fe08c43849c6cf76a0
SHA512

e1a9b419b0ae6df843829715c1d4b353f72097376e4d088d16c1a126a842b1b9cbafcd9a9609f79b999d41e036f4533c30db18e1354376a055f7cc1436338284

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1060 wrote to memory of 1996	1060	cmd.exe	xcopy.exe
PID 1060 wrote to memory of 1996	1060	cmd.exe	xcopy.exe
PID 1060 wrote to memory of 1996	1060	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\iced2\secgymoddkid\sewala.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1060

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h secgymoddkid\electrofishing.tmp C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:1996

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-54-0x0000000000000000-mapping.dmp

Download