7aec2958937bdce9572aab569a5e639594dd99e53481dea6b637a50c1f21bb24 | Triage

Analysis

max time kernel
28s
max time network
143s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
19-01-2023 20:44

Sharing

Report Analysis Logs

General

Target

New folder/fogduepetf/oftsaginnT.cmd
Size

1KB
MD5

e2cdbb1f310b6802213f6d4117b3d0ec
SHA1

a382cc0e6c9c89026896b81be2bf9889446c94c0
SHA256

b2dd5776e444bd1eafe8d1d17e5ee67e3e2b7d6a40973e7be94460fc4c0486a8
SHA512

1ce7f0ccd7958fa4a7a1b1cf2dc66cf33ea2715e41e221e6d06484746eb9f51a78d5f61305c2a848c6bb3400319247d255a122ef982ce74bda48e84a52f4d396

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1532 wrote to memory of 1696	1532	cmd.exe	xcopy.exe
PID 1532 wrote to memory of 1696	1532	cmd.exe	xcopy.exe
PID 1532 wrote to memory of 1696	1532	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder\fogduepetf\oftsaginnT.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h fogduepetf\rencountering.dat C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-54-0x0000000000000000-mapping.dmp

Download