Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
23-01-2023 07:57
Static task
static1
Behavioral task
behavioral1
Sample
Document_72/Scan_01-20.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Document_72/Scan_01-20.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
Document_72/letetasody/pamphleteering.dll
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
Document_72/letetasody/pamphleteering.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Document_72/letetasody/sacsimsapI.cmd
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
Document_72/letetasody/sacsimsapI.cmd
Resource
win10v2004-20221111-en
General
-
Target
Document_72/letetasody/sacsimsapI.cmd
-
Size
1KB
-
MD5
946edfa955e469aad87a33035cf28586
-
SHA1
7348f8def6ced40b984c8af5793f9a1ec29c0428
-
SHA256
7f66918d6312cce66eb7d7c8027477f488e567c2483694e2bc77104423b5d386
-
SHA512
45c7c16a6cfc0d97d41abbcdb9563c8257fd24840177bd0f4c8aecdfe9338e101424d4b7c2d56f40405022d5b5fd06a7355d89db9abddc84cb31585648d9113d
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 616 wrote to memory of 956 | 616 | cmd.exe | xcopy.exe
PID 616 wrote to memory of 956 | 616 | cmd.exe | xcopy.exe
PID 616 wrote to memory of 956 | 616 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/956-54-0x0000000000000000-mapping.dmp