a8b62a647ee1bf728c8c10276da781f8ae6e194aa95c1fb225671913d49869e1 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-01-2023 16:54

Sharing

Report Analysis Logs

General

Target

hublamjogk/bowsaptoyU.cmd
Size

1KB
MD5

bc80fc8754faa57bc46358afa90ade4d
SHA1

428d9a8609a647e8d74a0c9017babfd1ad567635
SHA256

1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45
SHA512

70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 864 wrote to memory of 2044	864	cmd.exe	xcopy.exe
PID 864 wrote to memory of 2044	864	cmd.exe	xcopy.exe
PID 864 wrote to memory of 2044	864	cmd.exe	xcopy.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\hublamjogk\bowsaptoyU.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:864

C:\Windows\system32\xcopy.exe
xcopy /s /i /e /h hublamjogk\skysurfing.dat C:\Users\Admin\AppData\Local\Temp\*
2⤵
PID:2044

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-54-0x0000000000000000-mapping.dmp

Download