Analysis
- max time kernel: 30s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 12-12-2022 09:01
Static task
static1
Behavioral task
behavioral1
Sample
iced/Documents.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
iced/Documents.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
iced/askgothogtan/forbidding.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
iced/askgothogtan/forbidding.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
iced/askgothogtan/ginbum.cmd
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
iced/askgothogtan/ginbum.cmd
Resource
win10v2004-20220812-en
General
- Target: iced/askgothogtan/ginbum.cmd
- Size: 1KB
- MD5: 9c5c165f68040c27ca493218e54a57ef
- SHA1: e18932c39422969e5908dce3260acae4e46a11ad
- SHA256: 791ece5a1f7a84eb20786454ec917d3ef16a0a57a7d5e9ecbeb069151cdd16d4
- SHA512: fed35aa7628d645d20028d4c106b3899ea459480645a33c720d645dc339637e92033260a0187b33f421b74a5b1df97845bd2d6af833dc4fbfcf4c275937fc638
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 1208 wrote to memory of 2040 | 1208 | cmd.exe | xcopy.exe
PID 1208 wrote to memory of 2040 | 1208 | cmd.exe | xcopy.exe
PID 1208 wrote to memory of 2040 | 1208 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2040-54-0x0000000000000000-mapping.dmp