Analysis
- max time kernel: 29s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 11-01-2023 04:49
Static task
- static1

Behavioral tasks
- behavioral1
  Sample: request_01-10_INV-165/CopyFolder_01-10.lnk
  Resource: win7-20221111-en
- behavioral2
  Sample: request_01-10_INV-165/CopyFolder_01-10.lnk
  Resource: win10v2004-20220812-en
- behavioral3
  Sample: request_01-10_INV-165/potyourueZ/disintoxicating.dll
  Resource: win7-20221111-en
- behavioral4
  Sample: request_01-10_INV-165/potyourueZ/disintoxicating.dll
  Resource: win10v2004-20220901-en
- behavioral5
  Sample: request_01-10_INV-165/potyourueZ/oilgotyeph.cmd
  Resource: win7-20221111-en
- behavioral6
  Sample: request_01-10_INV-165/potyourueZ/oilgotyeph.cmd
  Resource: win10v2004-20220812-en
General
- Target: request_01-10_INV-165/potyourueZ/oilgotyeph.cmd
- Size: 1KB
- MD5: 680c3dc587328842dc0bad5fd0227416
- SHA1: c492f8733d34fdf933f09087be7f84909690711d
- SHA256: 481906de199f9e4f81418e144c72dac493406d944b55d3292c4ba10bfa94cded
- SHA512: 21be0061df02e1eb38b0e17bfcd513e307530a6c3690b9d54fc03dfb7c3a60ba1d52333b4782d1f953d3e56ba19df26c4967023a98dd1809adaeee30245d6a18
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe

  description                          pid   process   target process
  PID 1468 wrote to memory of 1976     1468  cmd.exe   xcopy.exe
  PID 1468 wrote to memory of 1976     1468  cmd.exe   xcopy.exe
  PID 1468 wrote to memory of 1976     1468  cmd.exe   xcopy.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\request_01-10_INV-165\potyourueZ\oilgotyeph.cmd"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\xcopy.exe (child of cmd.exe)
    Command line: xcopy /s /i /e /h potyourueZ\disintoxicating.dat C:\Users\Admin\AppData\Local\Temp\*
Network
MITRE ATT&CK Matrix
Downloads
- memory/1976-54-0x0000000000000000-mapping.dmp