Analysis
  max time kernel:  43s
  max time network: 45s
  platform:         windows7_x64
  resource:         win7-20220812-en
  resource tags:    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  submitted:        09-01-2023 21:02
Tasks
  static1     (Static task)
  behavioral1 (Behavioral task)  Sample: Scan_01-09.lnk                 Resource: win7-20220812-en
  behavioral2 (Behavioral task)  Sample: Scan_01-09.lnk                 Resource: win10-20220812-en
  behavioral3 (Behavioral task)  Sample: Scan_01-09.lnk                 Resource: win10v2004-20221111-en
  behavioral4 (Behavioral task)  Sample: firvetourg/denmedmudc.cmd      Resource: win7-20220812-en
  behavioral5 (Behavioral task)  Sample: firvetourg/denmedmudc.cmd      Resource: win10-20220812-en
  behavioral6 (Behavioral task)  Sample: firvetourg/denmedmudc.cmd      Resource: win10v2004-20221111-en
  behavioral7 (Behavioral task)  Sample: firvetourg/reencountering.dll  Resource: win7-20221111-en
  behavioral8 (Behavioral task)  Sample: firvetourg/reencountering.dll  Resource: win10-20220901-en
  behavioral9 (Behavioral task)  Sample: firvetourg/reencountering.dll  Resource: win10v2004-20221111-en
General
  Target: firvetourg/denmedmudc.cmd
  Size:   1KB
  MD5:    c28f4835e4522c127c5d0306e4882bc3
  SHA1:   26c24e97e961d50cd6ac2c88d307a000f85e89fc
  SHA256: 01ef8a55d948b5b1c60741b689fa31a755bca5f1d0b13b34282ad0031b754797
  SHA512: 5511c255f2129282ce1da65711f76d039f2f4b4231db2f0395b3eee76cad61c5098d4f151f4701705fedad4bd23a8818377eee6fa592af3fedef58df25676bf8
Malware Config
Signatures
  Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
    description                     pid  process  target process
    PID 856 wrote to memory of 996  856  cmd.exe  xcopy.exe
    PID 856 wrote to memory of 996  856  cmd.exe  xcopy.exe
    PID 856 wrote to memory of 996  856  cmd.exe  xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
  memory/996-54-0x0000000000000000-mapping.dmp