Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
23-01-2023 16:54
Static task
static1
Behavioral task
behavioral1
Sample
INV_Scan_Jan.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
INV_Scan_Jan.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
hublamjogk/bowsaptoyU.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
hublamjogk/bowsaptoyU.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
hublamjogk/skysurfing.dll
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
hublamjogk/skysurfing.dll
Resource
win10v2004-20220812-en
General
-
Target
hublamjogk/bowsaptoyU.cmd
-
Size
1KB
-
MD5
bc80fc8754faa57bc46358afa90ade4d
-
SHA1
428d9a8609a647e8d74a0c9017babfd1ad567635
-
SHA256
1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45
-
SHA512
70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 864 wrote to memory of 2044 | 864 | cmd.exe | xcopy.exe
PID 864 wrote to memory of 2044 | 864 | cmd.exe | xcopy.exe
PID 864 wrote to memory of 2044 | 864 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2044-54-0x0000000000000000-mapping.dmp