Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-01-2023 16:47

General

  • Target

    copillwonv/hipsexfryd.cmd

  • Size

    1KB

  • MD5

    cd4e29cd2e40036a15420ebc25ea24d2

  • SHA1

    b867b239b49326ac7aec9986b60620f7c256e7a4

  • SHA256

    6da903d156a109167a30e55cf323815a4418d439976232523fd3b71c04df87dc

  • SHA512

    fb88d965ce0fed7c997cb377881c51c9bc3fa9b003577e20eadd4e279991eee46985afeaf4a0a42d38261cdf371561c04e28b5ae0f204c41cf098ea6ca2bae2a

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\copillwonv\hipsexfryd.cmd"
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\system32\xcopy.exe
      xcopy /s /i /e /h copillwonv\strapping.dat C:\Users\Admin\AppData\Local\Temp\*
        PID:1920

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1920-54-0x0000000000000000-mapping.dmp