3854378244a047c56378fa00420a2340a1d0e5e7670708f70b90d52fd35f3120 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10-01-2023 17:10

Sharing

Report Analysis Logs

General

Target

rugcoyalls/pangapsexN.cmd
Size

1KB
MD5

d58b4bfb8bd596d0ec8224fac12f0b99
SHA1

a056fc0a4524e6b0c21e73bdc47d3b7fe3cea448
SHA256

2347581778f6ff0791072ce338d8c04a7c6b16815f239baf753756a7ce3bce07
SHA512

d5ff2419372a1d73170cd73324b4c04affb0102d4e100825a4f03b91ee7b2a072286fba644444626a38235b03022086bebf1e79c5c06e288c0f0133427cb3091

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1532 wrote to memory of 1800	1532	cmd.exe	xcopy.exe
PID 1532 wrote to memory of 1800	1532	cmd.exe	xcopy.exe
PID 1532 wrote to memory of 1800	1532	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\rugcoyalls\pangapsexN.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h rugcoyalls\mischannelling.dat C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:1800

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-54-0x0000000000000000-mapping.dmp

Download