e013f0f9c4d2ca2796afa87caec427308becf7f52b470374a80271f1035b5922 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 05:41

Sharing

Report Analysis Logs

General

Target

/_Create installation script.cmd
Size

1KB
MD5

d96183ad20b7152c83c1455d0e98116c
SHA1

905a8317a8892ae2170c2aabbcf3846fd7244272
SHA256

b276580e201b8e46386e0203a5c9ac9ebc6c9b9a68ff8890f78c18e20c9bfa82
SHA512

b1e993d843222afdc71939d8f92ab77faae21cee7cc56718033ecbf730e9df0b792dff0505d09cfe046ae72b3417aa9d6d1c6430a13bc3da8043582f718ae859

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2068	Internet Download Manager 6.41.18.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29
PID 3032 wrote to memory of 2068	3032	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\\_Create installation script.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\\Internet Download Manager 6.41.18.exe
  "Internet Download Manager 6.41.18.exe" /SAVEINF="setup.ini"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2068-54-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2068-56-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download