Overview (overview): 10
Static (static): 1
KYC.lnk (windows7-x64): 10
KYC.lnk (windows10-2004-x64): 10
tropically...ng.dll (windows7-x64): 10
tropically...ng.dll (windows10-2004-x64): 10
tropically...rs.cmd (windows7-x64): 1
tropically...rs.cmd (windows10-2004-x64): 1
tropically...es.cmd (windows7-x64): 1
tropically...es.cmd (windows10-2004-x64): 1
Analysis
- max time kernel: 31s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 28/02/2023, 15:12
Static task: static1
Behavioral task: behavioral1, Sample: KYC.lnk, Resource: win7-20230220-en
Behavioral task: behavioral2, Sample: KYC.lnk, Resource: win10v2004-20230220-en
Behavioral task: behavioral3, Sample: tropically/blanketing.dll, Resource: win7-20230220-en
Behavioral task: behavioral4, Sample: tropically/blanketing.dll, Resource: win10v2004-20230220-en
Behavioral task: behavioral5, Sample: tropically/clabbers.cmd, Resource: win7-20230220-en
Behavioral task: behavioral6, Sample: tropically/clabbers.cmd, Resource: win10v2004-20230220-en
Behavioral task: behavioral7, Sample: tropically/lattices.cmd, Resource: win7-20230220-en
Behavioral task: behavioral8, Sample: tropically/lattices.cmd, Resource: win10v2004-20230220-en
General
- Target: tropically/lattices.cmd
- Size: 310B
- MD5: 936d9d1861a289f8c15696f204590112
- SHA1: af28a47fa3c1eb2ccf79ac8400af499d9d41be4a
- SHA256: 258b0184c1b23266a8644d74a379aa2043dee712f81ce0a08e11402315b034b4
- SHA512: dafb28ce519f47c8383bbd29ac4d4cdbad5b82ad858c2d155b31ae2f49e33bd25019476cdd4a78ee1811ef105b9a71e73b02d447987bf55a3756fbd9a8596047
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                        pid   Process  procid_target
  PID 1716 wrote to memory of 932    1716  cmd.exe  28
  PID 1716 wrote to memory of 932    1716  cmd.exe  28
  PID 1716 wrote to memory of 932    1716  cmd.exe  28