Analysis
max time kernel: 407s
max time network: 409s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 20-01-2023 21:57
Static task
static1
Behavioral task
behavioral1
Sample
Copy_INV_01-20.lnk
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Copy_INV_01-20.lnk
Resource
win10-20220812-en
Behavioral task
behavioral3
Sample
wisbispodi/rajsoldabS.cmd
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
wisbispodi/rajsoldabS.cmd
Resource
win10-20220901-en
Behavioral task
behavioral5
Sample
wisbispodi/tunneling.dll
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
wisbispodi/tunneling.dll
Resource
win10-20220812-en
General
Target: wisbispodi/rajsoldabS.cmd
Size: 1KB
MD5: 1d156fc27a24f2b1ae1cf67083193750
SHA1: 2d341230f92eac3ccc1838af81229235fd96069e
SHA256: 966502087a3faf913c50fd5cd1880755fb0e8c379faca06072bac3ebb6ad3917
SHA512: e81c934741813d5587fdb6478a02beab73796bd4bbbdac35d50b9b9a03a7f3702c2a6a27d52fce2616d2e7a13fbad263cf069846d1fd6b70a42b53e95b07f8bc
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 960 wrote to memory of 1368 | 960 | cmd.exe | xcopy.exe
PID 960 wrote to memory of 1368 | 960 | cmd.exe | xcopy.exe
PID 960 wrote to memory of 1368 | 960 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1368-54-0x0000000000000000-mapping.dmp