Overview

overview

10

Static

static

request_01...10.lnk

windows7-x64

10

request_01...10.lnk

windows10-2004-x64

10

request_01...ng.dll

windows7-x64

3

request_01...ng.dll

windows10-2004-x64

3

request_01...ph.cmd

windows7-x64

1

request_01...ph.cmd

windows10-2004-x64

1

Analysis

  • max time kernel
    29s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2023 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    request_01-10_INV-165/potyourueZ/oilgotyeph.cmd

  • Size

    1KB

  • MD5

    680c3dc587328842dc0bad5fd0227416

  • SHA1

    c492f8733d34fdf933f09087be7f84909690711d

  • SHA256

    481906de199f9e4f81418e144c72dac493406d944b55d3292c4ba10bfa94cded

  • SHA512

    21be0061df02e1eb38b0e17bfcd513e307530a6c3690b9d54fc03dfb7c3a60ba1d52333b4782d1f953d3e56ba19df26c4967023a98dd1809adaeee30245d6a18

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\request_01-10_INV-165\potyourueZ\oilgotyeph.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Windows\system32\xcopy.exe
      xcopy /s /i /e /h potyourueZ\disintoxicating.dat C:\Users\Admin\AppData\Local\Temp\*
      2⤵
        PID:1976

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1976-54-0x0000000000000000-mapping.dmp
      Download