0879ebf8777d574b944b015cedacef86e779da5738fb43ca6b9d7042346b0e3d | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20-04-2023 18:50

Sharing

Report Analysis Logs

General

Target

ASSAILED/UNFIBBED.cmd
Size

483B
MD5

cc1f7cdaa6268958ed451dd0d81b364c
SHA1

652edc691690f87582f334685ba60524d6531d4b
SHA256

53a72331d0a635fcf9b4c1f22228e24819998b07bc53ecce786158581477c756
SHA512

68d50c41fa7fcf36b483cd2a7c4f585899d0e57e0bbe456e92d2efe07c62e042772cf4e5dc980491e4fa33edbca5743fa30b8b8ed42e78c018930254c030b477

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1432 wrote to memory of 1416	1432	cmd.exe	rundll32.exe
PID 1432 wrote to memory of 1416	1432	cmd.exe	rundll32.exe
PID 1432 wrote to memory of 1416	1432	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ASSAILED\UNFIBBED.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1432

C:\Windows\system32\rundll32.exe
rundll32 ASSAILED/HORATIAN.DAT,init
2⤵
PID:1416

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...