Analysis
max time kernel: 115s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 12-12-2022 16:56
Static task
static1
Behavioral task
behavioral1
Sample
Scan_Dec12.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Scan_Dec12.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
ragaxe/codXl.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
ragaxe/codXl.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
ragaxe/offscouring.dll
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
ragaxe/offscouring.dll
Resource
win10v2004-20220812-en
General
Target: ragaxe/codXl.cmd
Size: 1KB
MD5: b1255bfb981f5e0c8ed9701f2a50ddac
SHA1: 7bef2c94b918fa69958c72f2570399d51f67c1bf
SHA256: 2cd0c087dde62ece2b70fe17b113eb7495e21cd7fea0f00b64eb70d4b927f232
SHA512: 455147d17fe301b71bd23bab485595b85cd849fde589a4ebf691d8db7a3addd5988cef1cb5e1bbeade12aef0d0ed96cdd80c121580c36aa1e22bd9954c158396
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 2176 wrote to memory of 2976 | 2176 | cmd.exe | xcopy.exe
PID 2176 wrote to memory of 2976 | 2176 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2976-132-0x0000000000000000-mapping.dmp