d88fdda2f0706fe1cc2706c14e7a060af6ee2781e0cb9f1714cbecfceb75ab3b | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-01-2023 07:57

Sharing

Report Analysis Logs

General

Target

Document_72/letetasody/sacsimsapI.cmd
Size

1KB
MD5

946edfa955e469aad87a33035cf28586
SHA1

7348f8def6ced40b984c8af5793f9a1ec29c0428
SHA256

7f66918d6312cce66eb7d7c8027477f488e567c2483694e2bc77104423b5d386
SHA512

45c7c16a6cfc0d97d41abbcdb9563c8257fd24840177bd0f4c8aecdfe9338e101424d4b7c2d56f40405022d5b5fd06a7355d89db9abddc84cb31585648d9113d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 616 wrote to memory of 956	616	cmd.exe	xcopy.exe
PID 616 wrote to memory of 956	616	cmd.exe	xcopy.exe
PID 616 wrote to memory of 956	616	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Document_72\letetasody\sacsimsapI.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:616

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h letetasody\pamphleteering.dat C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-54-0x0000000000000000-mapping.dmp

Download