Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
10-01-2023 17:10
Static task
static1
Behavioral task
behavioral1
Sample
REF.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
REF.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
rugcoyalls/mischannelling.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
rugcoyalls/mischannelling.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
rugcoyalls/pangapsexN.cmd
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
rugcoyalls/pangapsexN.cmd
Resource
win10v2004-20220812-en
General
-
Target
rugcoyalls/pangapsexN.cmd
-
Size
1KB
-
MD5
d58b4bfb8bd596d0ec8224fac12f0b99
-
SHA1
a056fc0a4524e6b0c21e73bdc47d3b7fe3cea448
-
SHA256
2347581778f6ff0791072ce338d8c04a7c6b16815f239baf753756a7ce3bce07
-
SHA512
d5ff2419372a1d73170cd73324b4c04affb0102d4e100825a4f03b91ee7b2a072286fba644444626a38235b03022086bebf1e79c5c06e288c0f0133427cb3091
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 1532 wrote to memory of 1800 | 1532 | cmd.exe | xcopy.exe
PID 1532 wrote to memory of 1800 | 1532 | cmd.exe | xcopy.exe
PID 1532 wrote to memory of 1800 | 1532 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1800-54-0x0000000000000000-mapping.dmp