Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-02-2023 08:24

General

  • Target

    SPASTICS/STYRACIN.cmd

  • Size

    493B

  • MD5

    790ceb9320dc61a4dce587d010687ba7

  • SHA1

    dddda5ee7edee9905f5e39f35370b0ce07613d81

  • SHA256

    3fea013a2165df121f9e585b6379ec0aa3215510302c1afbea20d9e4276d6fe0

  • SHA512

    9b06b3bb0f918a7e40246f28c6a10dc623620f34a2f2b6e7dd83ad28126a26bf573001a16eda1c78d388407f944fd91708ff9d3f98654abcd265a926d7e0cad1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\SPASTICS\STYRACIN.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\rundll32.exe
      rundll32 SPASTICS/QUINIBLE.DAT,init
      2⤵
        PID:1124

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1124-54-0x0000000000000000-mapping.dmp