Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
16/12/2022, 17:37
Static task
static1
Behavioral task
behavioral1
Sample
VV.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
VV.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
slings/denudes.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
slings/denudes.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
slings/explorations.cmd
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
slings/explorations.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
slings/mismanagement.cmd
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
slings/mismanagement.cmd
Resource
win10v2004-20221111-en
General
-
Target
slings/explorations.cmd
-
Size
288B
-
MD5
6eb32dccbc28f2150a37952532ec4e12
-
SHA1
b05ffae5e6b4508831e4f9bc607dc71f8be0a740
-
SHA256
f5284d9872c6c9907500265e8f95b73950978aefc0a1a16859342348420580c4
-
SHA512
8b76ae5322392bb302cf54b4e9299f4a921ae60a86b6d42fae2f59dad717895e5cadf4844f289bf8922bd735f67b8ee8777e31706ec98b6cf16b39ac3b166fb5
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1092 wrote to memory of 1776 | 1092 | cmd.exe | 28
PID 1092 wrote to memory of 1776 | 1092 | cmd.exe | 28
PID 1092 wrote to memory of 1776 | 1092 | cmd.exe | 28