Overview

overview

3

Static

static

3

Configurar.cmd

windows7-x64

1

Configurar.cmd

windows10-2004-x64

1

Instalar.cmd

windows7-x64

1

Instalar.cmd

windows10-2004-x64

1

Mono.Security.dll

windows7-x64

1

Mono.Security.dll

windows10-2004-x64

1

Npgsql.dll

windows7-x64

1

Npgsql.dll

windows10-2004-x64

1

System.Dat...te.dll

windows7-x64

1

System.Dat...te.dll

windows10-2004-x64

1

System.Net.Http.dll

windows7-x64

1

System.Net.Http.dll

windows10-2004-x64

1

System.ValueTuple.dll

windows7-x64

1

System.ValueTuple.dll

windows10-2004-x64

1

TCore.dll

windows7-x64

1

TCore.dll

windows10-2004-x64

1

TNrgyBss.dll

windows7-x64

1

TNrgyBss.dll

windows10-2004-x64

1

TNrgyModbusServer.exe

windows7-x64

1

TNrgyModbusServer.exe

windows10-2004-x64

1

en/TCore.r...es.dll

windows7-x64

1

en/TCore.r...es.dll

windows10-2004-x64

1

en/TNrgyBs...es.dll

windows7-x64

1

en/TNrgyBs...es.dll

windows10-2004-x64

1

en/TNrgyMo...es.dll

windows7-x64

1

en/TNrgyMo...es.dll

windows10-2004-x64

1

es/TCore.r...es.dll

windows7-x64

1

es/TCore.r...es.dll

windows10-2004-x64

1

es/TNrgyBs...es.dll

windows7-x64

1

es/TNrgyBs...es.dll

windows10-2004-x64

1

es/TNrgyMo...es.dll

windows7-x64

1

es/TNrgyMo...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Configurar.cmd

  • Size

    30B

  • MD5

    0872989105f448cfe9265f031357f1f2

  • SHA1

    80a267002ce6fc193cc3e6289e21a3c6ac27174d

  • SHA256

    35bdff29e226f5fc3d0e3dc4cb4a63936818b3b6cad4717a015a9f951149fb71

  • SHA512

    179c1bb6ca81b770e8293ea1474c83416119278881d7f4e1bb6e193712225b44996e4f5fb46178b0d27215e7cd4d391ee96f3f4c138056d891d4314e6c9691aa

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TNrgyModbusServer.exe
    TNrgyModbusServer.exe config
    1⤵
    • Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:2864
  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Configurar.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\themis.ini
    Filesize

    18B

    MD5

    17866755e608b82db866404a203988cd

    SHA1

    cc29169e00fe92c5e507017d69dab0aadf96bc8d

    SHA256

    2e3fdab78b0b8bd0b4f8abc59bfeb06001d72d6b5c8411ccf9259e14db0fc8b4

    SHA512

    538919ed48dff04535cb8f0ddae4cc540b0f3549ed151398b23a25c19fae8722846bbc0c43c19adac7925d751c494451e1b6bc180e9b875d99e7b90dc15f5abe

    Download Submit

  • memory/2864-0-0x0000000000840000-0x000000000085E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2864-2-0x0000000004770000-0x000000000489E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2864-3-0x00000000048A0000-0x000000000491C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2864-1-0x0000000073EF0000-0x00000000745DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2864-4-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2864-10-0x00000000064D0000-0x00000000065FE000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2864-8-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2864-11-0x0000000004C80000-0x0000000004CA0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2864-73-0x0000000073EF0000-0x00000000745DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2864-74-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2864-75-0x0000000004FB0000-0x0000000004FF0000-memory.dmp

    Filesize

    256KB

    Download