2d9493677b6e947b8ac731b566fca525ac9885d66400d00d1b20667baec93d10 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-12-2022 05:22

Sharing

Report Analysis Logs

General

Target

slings/overlaid.cmd
Size

301B
MD5

e5ceec32bcbfbee8fd876f8212da4cd2
SHA1

e2abf007d02a79b90a5550845591d88739ec7a3d
SHA256

80693db6ab7f131371c7ac2a48cbaf493f59a2ff08543149c37cd7074be9bae7
SHA512

3e40cce35d8906b14aa0fe12b4f4ff975933fd41191865ef9b289999411cce340f93784cd558febfff2766d92dbc41bdbdb216865307c40756f21080367cb238

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1064	2000	cmd.exe	29
PID 2000 wrote to memory of 1064	2000	cmd.exe	29
PID 2000 wrote to memory of 1064	2000	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\slings\overlaid.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\L32.eXe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-54-0x0000000000000000-mapping.dmp

Download