Analysis
- max time kernel: 104s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/02/2023, 22:02
Static task: static1
Behavioral task: behavioral1 | Sample: RR.lnk | Resource: win7-20230220-en
Behavioral task: behavioral2 | Sample: RR.lnk | Resource: win10v2004-20230220-en
Behavioral task: behavioral3 | Sample: vibrations/airtightness.exe | Resource: win7-20230220-en
Behavioral task: behavioral4 | Sample: vibrations/airtightness.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral5 | Sample: vibrations/croaks.sql | Resource: win7-20230220-en
Behavioral task: behavioral6 | Sample: vibrations/croaks.sql | Resource: win10v2004-20230220-en
Behavioral task: behavioral7 | Sample: vibrations/polaroid.cmd | Resource: win7-20230220-en
Behavioral task: behavioral8 | Sample: vibrations/polaroid.cmd | Resource: win10v2004-20230220-en
General
- Target: vibrations/polaroid.cmd
- Size: 244B
- MD5: 35489cc30e625da2c3de0d1eed6feaea
- SHA1: 61d664db85b7537dabdbff17c76c34357c3fb9ec
- SHA256: 5437196beb0f70b578ef319b7cec47850d7538661fdbc1ab099ae06615367f45
- SHA512: 8b3083036466a80bfd2107d847650a6c5a9c1a963c97f1105b2f9787aeceea08426fc6a432fa70e7de1c3a601945d4aa0b7da060ad0c5db3508724a739a1e916
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (2 IoCs)
  description | pid | Process | procid_target
  PID 4056 wrote to memory of 3712 | 4056 | cmd.exe | 86
  PID 4056 wrote to memory of 3712 | 4056 | cmd.exe | 86