Overview

overview

10

Static

static

VV.lnk

windows7-x64

10

VV.lnk

windows10-2004-x64

10

slings/denudes.dll

windows7-x64

10

slings/denudes.dll

windows10-2004-x64

10

slings/exp...ns.cmd

windows7-x64

1

slings/exp...ns.cmd

windows10-2004-x64

1

slings/mis...nt.cmd

windows7-x64

1

slings/mis...nt.cmd

windows10-2004-x64

1

Analysis

  • max time kernel
    61s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2022 17:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    slings/explorations.cmd

  • Size

    288B

  • MD5

    6eb32dccbc28f2150a37952532ec4e12

  • SHA1

    b05ffae5e6b4508831e4f9bc607dc71f8be0a740

  • SHA256

    f5284d9872c6c9907500265e8f95b73950978aefc0a1a16859342348420580c4

  • SHA512

    8b76ae5322392bb302cf54b4e9299f4a921ae60a86b6d42fae2f59dad717895e5cadf4844f289bf8922bd735f67b8ee8777e31706ec98b6cf16b39ac3b166fb5

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\slings\explorations.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\system32\replace.exe
      replace C:\Windows\\32\\L32.eXe C:\Users\Admin\AppData\Local\Temp /A
      2⤵
        PID:2356

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2356-132-0x0000000000000000-mapping.dmp

      Download