Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    07/02/2023, 19:31

General

  • Target

    oslo/they.cmd

  • Size

    295B

  • MD5

    c10b599f771fd5446afb0b257bae3dd2

  • SHA1

    bc3f1240c8008d7fc43fe87a0e26a78fe1f1b6d6

  • SHA256

    7e6319c5ba4e4b64256c8df9c7a1d62705c9b55627d151c24fbcb372df83cc50

  • SHA512

    03f1f0cd120d159f8b95fe71491c3899d36ae1897770c002ab1f75cf0888992bc72516b19f7b6ae1f7a3aac39a50c3f005f0589eb6df34985eed4b0fa4a60107

Score
1/10

Malware Config

Signatures

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\oslo\they.cmd"
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\Windows\system32\regsvr32.exe
      C:\Windows\\\\\\system32\\\\\\regsvr32.exe oslo\trudge.dat
      PID:4204
    • C:\Windows\system32\PING.EXE
      ping google.com
      • Runs ping.exe
      PID:428

Network

MITRE ATT&CK Enterprise v6
