Overview
overview: 10

Static
static

INV_Scan_Jan.lnk (windows7-x64): 10
INV_Scan_Jan.lnk (windows10-2004-x64): 10
Requirements.lnk (windows7-x64): 3
Requirements.lnk (windows10-2004-x64): 7
hublamjogk...yU.cmd (windows7-x64): 1
hublamjogk...yU.cmd (windows10-2004-x64): 1
hublamjogk...ng.dll (windows7-x64): 1
hublamjogk...ng.dll (windows10-2004-x64): 1
projectt.py (windows7-x64): 3
projectt.py (windows10-2004-x64): 3
python.exe (windows7-x64): 1
python.exe (windows10-2004-x64): 1
pythonw.exe (windows7-x64): 1
pythonw.exe (windows10-2004-x64): 1

Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 23-01-2023 16:51
Static task: static1

Behavioral task: behavioral1, Sample: INV_Scan_Jan.lnk, Resource: win7-20221111-en
Behavioral task: behavioral2, Sample: INV_Scan_Jan.lnk, Resource: win10v2004-20220812-en
Behavioral task: behavioral3, Sample: Requirements.lnk, Resource: win7-20221111-en
Behavioral task: behavioral4, Sample: Requirements.lnk, Resource: win10v2004-20220812-en
Behavioral task: behavioral5, Sample: hublamjogk/bowsaptoyU.cmd, Resource: win7-20220812-en
Behavioral task: behavioral6, Sample: hublamjogk/bowsaptoyU.cmd, Resource: win10v2004-20221111-en
Behavioral task: behavioral7, Sample: hublamjogk/skysurfing.dll, Resource: win7-20221111-en
Behavioral task: behavioral8, Sample: hublamjogk/skysurfing.dll, Resource: win10v2004-20220901-en
Behavioral task: behavioral9, Sample: projectt.py, Resource: win7-20220812-en
Behavioral task: behavioral10, Sample: projectt.py, Resource: win10v2004-20221111-en
Behavioral task: behavioral11, Sample: python.exe, Resource: win7-20220812-en
Behavioral task: behavioral12, Sample: python.exe, Resource: win10v2004-20220812-en
Behavioral task: behavioral13, Sample: pythonw.exe, Resource: win7-20221111-en
Behavioral task: behavioral14, Sample: pythonw.exe, Resource: win10v2004-20221111-en
General
- Target: hublamjogk/bowsaptoyU.cmd
- Size: 1KB
- MD5: bc80fc8754faa57bc46358afa90ade4d
- SHA1: 428d9a8609a647e8d74a0c9017babfd1ad567635
- SHA256: 1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45
- SHA512: 70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description | pid | process | target process
PID 2016 wrote to memory of 1636 | 2016 | cmd.exe | xcopy.exe
PID 2016 wrote to memory of 1636 | 2016 | cmd.exe | xcopy.exe
PID 2016 wrote to memory of 1636 | 2016 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1636-54-0x0000000000000000-mapping.dmp