Analysis
max time kernel: 28s
max time network: 143s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 19-01-2023 20:44
Static task: static1
Behavioral task: behavioral1
Sample: New folder/Copy_Document_01-19.lnk
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: New folder/Copy_Document_01-19.lnk
Resource: win10v2004-20221111-en
Behavioral task: behavioral3
Sample: New folder/fogduepetf/oftsaginnT.cmd
Resource: win7-20221111-en
Behavioral task: behavioral4
Sample: New folder/fogduepetf/oftsaginnT.cmd
Resource: win10v2004-20220812-en
Behavioral task: behavioral5
Sample: New folder/fogduepetf/rencountering.dll
Resource: win7-20220901-en
Behavioral task: behavioral6
Sample: New folder/fogduepetf/rencountering.dll
Resource: win10v2004-20220812-en
General
Target: New folder/fogduepetf/oftsaginnT.cmd
Size: 1KB
MD5: e2cdbb1f310b6802213f6d4117b3d0ec
SHA1: a382cc0e6c9c89026896b81be2bf9889446c94c0
SHA256: b2dd5776e444bd1eafe8d1d17e5ee67e3e2b7d6a40973e7be94460fc4c0486a8
SHA512: 1ce7f0ccd7958fa4a7a1b1cf2dc66cf33ea2715e41e221e6d06484746eb9f51a78d5f61305c2a848c6bb3400319247d255a122ef982ce74bda48e84a52f4d396
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
cmd.exe
description | pid | process | target process
PID 1532 wrote to memory of 1696 | 1532 | cmd.exe | xcopy.exe
PID 1532 wrote to memory of 1696 | 1532 | cmd.exe | xcopy.exe
PID 1532 wrote to memory of 1696 | 1532 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1696-54-0x0000000000000000-mapping.dmp