b7222a595d89970162652af4632562947e64bca100e5005e44cef8dac9e908c2 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 08:24

Sharing

Report Analysis Logs

General

Target

SPASTICS/STYRACIN.cmd
Size

493B
MD5

790ceb9320dc61a4dce587d010687ba7
SHA1

dddda5ee7edee9905f5e39f35370b0ce07613d81
SHA256

3fea013a2165df121f9e585b6379ec0aa3215510302c1afbea20d9e4276d6fe0
SHA512

9b06b3bb0f918a7e40246f28c6a10dc623620f34a2f2b6e7dd83ad28126a26bf573001a16eda1c78d388407f944fd91708ff9d3f98654abcd265a926d7e0cad1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1684 wrote to memory of 1124	1684	cmd.exe	rundll32.exe
PID 1684 wrote to memory of 1124	1684	cmd.exe	rundll32.exe
PID 1684 wrote to memory of 1124	1684	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SPASTICS\STYRACIN.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684

C:\Windows\system32\rundll32.exe
rundll32 SPASTICS/QUINIBLE.DAT,init
2⤵
PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1124-54-0x0000000000000000-mapping.dmp

Download