Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 20-04-2023 18:50
Static task
static1
Behavioral task
behavioral1
Sample
ASSAILED/HORATIAN.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ASSAILED/HORATIAN.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
ASSAILED/UNFIBBED.cmd
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
ASSAILED/UNFIBBED.cmd
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
PHIMOSES.lnk
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
PHIMOSES.lnk
Resource
win10v2004-20230220-en
General
Target: ASSAILED/UNFIBBED.cmd
Size: 483B
MD5: cc1f7cdaa6268958ed451dd0d81b364c
SHA1: 652edc691690f87582f334685ba60524d6531d4b
SHA256: 53a72331d0a635fcf9b4c1f22228e24819998b07bc53ecce786158581477c756
SHA512: 68d50c41fa7fcf36b483cd2a7c4f585899d0e57e0bbe456e92d2efe07c62e042772cf4e5dc980491e4fa33edbca5743fa30b8b8ed42e78c018930254c030b477
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 1432 wrote to memory of 1416 | 1432 | cmd.exe | rundll32.exe
PID 1432 wrote to memory of 1416 | 1432 | cmd.exe | rundll32.exe
PID 1432 wrote to memory of 1416 | 1432 | cmd.exe | rundll32.exe