Overview

overview

10

Static

static

Copy_INV_01-20.lnk

windows7-x64

10

Copy_INV_01-20.lnk

windows10-1703-x64

10

wisbispodi...bS.cmd

windows7-x64

1

wisbispodi...bS.cmd

windows10-1703-x64

1

wisbispodi...ng.dll

windows7-x64

1

wisbispodi...ng.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    407s
  • max time network
    409s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    20-01-2023 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wisbispodi/rajsoldabS.cmd

  • Size

    1KB

  • MD5

    1d156fc27a24f2b1ae1cf67083193750

  • SHA1

    2d341230f92eac3ccc1838af81229235fd96069e

  • SHA256

    966502087a3faf913c50fd5cd1880755fb0e8c379faca06072bac3ebb6ad3917

  • SHA512

    e81c934741813d5587fdb6478a02beab73796bd4bbbdac35d50b9b9a03a7f3702c2a6a27d52fce2616d2e7a13fbad263cf069846d1fd6b70a42b53e95b07f8bc

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\wisbispodi\rajsoldabS.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Windows\system32\xcopy.exe
      xcopy /s /i /e /h wisbispodi\tunneling.dat C:\Users\Admin\AppData\Local\Temp\*
      2⤵
        PID:1368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1368-54-0x0000000000000000-mapping.dmp
      Download