Analysis
-
max time kernel
46s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
12-12-2022 16:56
Static task
static1
Behavioral task
behavioral1
Sample
Scan_Dec12.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Scan_Dec12.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
ragaxe/codXl.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
ragaxe/codXl.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
ragaxe/offscouring.dll
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
ragaxe/offscouring.dll
Resource
win10v2004-20220812-en
General
-
Target
ragaxe/codXl.cmd
-
Size
1KB
-
MD5
b1255bfb981f5e0c8ed9701f2a50ddac
-
SHA1
7bef2c94b918fa69958c72f2570399d51f67c1bf
-
SHA256
2cd0c087dde62ece2b70fe17b113eb7495e21cd7fea0f00b64eb70d4b927f232
-
SHA512
455147d17fe301b71bd23bab485595b85cd849fde589a4ebf691d8db7a3addd5988cef1cb5e1bbeade12aef0d0ed96cdd80c121580c36aa1e22bd9954c158396
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 2012 wrote to memory of 1256 | 2012 | cmd.exe | xcopy.exe
PID 2012 wrote to memory of 1256 | 2012 | cmd.exe | xcopy.exe
PID 2012 wrote to memory of 1256 | 2012 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1256-54-0x0000000000000000-mapping.dmp