Analysis
max time kernel: 29s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 26-04-2023 17:09
Static task
static1
Behavioral task
behavioral1
Sample
OBSESSOR/SUNLANDS.cmd
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
OBSESSOR/SUNLANDS.cmd
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
OBSESSOR/WOOZIEST.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
OBSESSOR/WOOZIEST.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
VANDALIC.lnk
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
VANDALIC.lnk
Resource
win10v2004-20230221-en
General
Target: OBSESSOR/SUNLANDS.cmd
Size: 514B
MD5: 5faed7456689a1f3be114145965bf41a
SHA1: 0fbd2087c7dfa29bfec1bee79fffee707f1b73ae
SHA256: 7796913738f58c2956952616818ce6ac259848f4e0523961ad0010b1cbca4049
SHA512: 92a908394eed977be8d95f7aa229e77040cda9b5d085bb6f27544b89a52a00dfbfc216c65edb4b28b0f56324b79caae67cc685e9cbcd4bc156bce6ed6c15be27
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 1108 wrote to memory of 2016 | 1108 | cmd.exe | rundll32.exe
PID 1108 wrote to memory of 2016 | 1108 | cmd.exe | rundll32.exe
PID 1108 wrote to memory of 2016 | 1108 | cmd.exe | rundll32.exe