3e60bc33fec459ffbeab96fef9d38aadfc66df777e41ed641f9cd8d0a575959c | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/12/2022, 17:37

Sharing

Report Analysis Logs

General

Target

slings/explorations.cmd
Size

288B
MD5

6eb32dccbc28f2150a37952532ec4e12
SHA1

b05ffae5e6b4508831e4f9bc607dc71f8be0a740
SHA256

f5284d9872c6c9907500265e8f95b73950978aefc0a1a16859342348420580c4
SHA512

8b76ae5322392bb302cf54b4e9299f4a921ae60a86b6d42fae2f59dad717895e5cadf4844f289bf8922bd735f67b8ee8777e31706ec98b6cf16b39ac3b166fb5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1776	1092	cmd.exe	28
PID 1092 wrote to memory of 1776	1092	cmd.exe	28
PID 1092 wrote to memory of 1776	1092	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\slings\explorations.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\system32\replace.exe
  replace C:\Windows\\32\\L32.eXe C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads