Analysis
- max time kernel: 15s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01-02-2024 23:36
Behavioral tasks
- behavioral1: Sample: Batch CIA 3DS Decryptor.bat, Resource: win7-20231215-en
- behavioral2: Sample: Batch CIA 3DS Decryptor.bat, Resource: win10v2004-20231215-en
- behavioral3: Sample: ctrtool.exe, Resource: win7-20231215-en
- behavioral4: Sample: ctrtool.exe, Resource: win10v2004-20231215-en
- behavioral5: Sample: decrypt.exe, Resource: win7-20231215-en
- behavioral6: Sample: decrypt.exe, Resource: win10v2004-20231215-en
- behavioral7: Sample: makerom.exe, Resource: win7-20231215-en
- behavioral8: Sample: makerom.exe, Resource: win10v2004-20231222-en
General
- Target: Batch CIA 3DS Decryptor.bat
- Size: 2KB
- MD5: 5d86ad3b724a51f72610afdb98c34929
- SHA1: 9e37208a037b7112773a865742b7cdd7124c4cd1
- SHA256: 8d412ad0edeeac91f56841f7d71076846e3b9d7acb7bc7214ccfb910661e3f82
- SHA512: 851b1da7142fd649cc51c390a1b0420beedf198d050a9f8f9bdcb4075ae39c98504b7f543a26fae48bdd6159f5ab722cd492c52636b5d3ad695311b5513797b8
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: cmd.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2440 wrote to memory of 2736 | 2440 | cmd.exe | mode.com |
| PID 2440 wrote to memory of 2736 | 2440 | cmd.exe | mode.com |
| PID 2440 wrote to memory of 2736 | 2440 | cmd.exe | mode.com |