5f69e700adcba2984bc3708a55cd75f19b0d79d251e4f0e2c0d1164444160a11 | Triage

Analysis

max time kernel
29s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-04-2023 17:09

Sharing

Report Analysis Logs

General

Target

OBSESSOR/SUNLANDS.cmd
Size

514B
MD5

5faed7456689a1f3be114145965bf41a
SHA1

0fbd2087c7dfa29bfec1bee79fffee707f1b73ae
SHA256

7796913738f58c2956952616818ce6ac259848f4e0523961ad0010b1cbca4049
SHA512

92a908394eed977be8d95f7aa229e77040cda9b5d085bb6f27544b89a52a00dfbfc216c65edb4b28b0f56324b79caae67cc685e9cbcd4bc156bce6ed6c15be27

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1108 wrote to memory of 2016	1108	cmd.exe	rundll32.exe
PID 1108 wrote to memory of 2016	1108	cmd.exe	rundll32.exe
PID 1108 wrote to memory of 2016	1108	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\OBSESSOR\SUNLANDS.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\system32\rundll32.exe
rundll32 OBSESSOR/WOOZIEST.DAT,init
2⤵
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...