e3f4d3ddfa1da0567d74ec16bf3220c061afdaac53e8583db1672bcbee41118d | Triage

Analysis

max time kernel
1560s
max time network
1561s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 15:23

Sharing

Report Analysis Logs

General

Target

NetWare/debug/debug.cmd
Size

132B
MD5

6caa4107ee880d62efdcf1fd6d5f22ab
SHA1

08ae45a4c1f2fbe444f1f01d308f0dd925df1622
SHA256

6729d79945b9147d861f7788e0ba45f3e11cf88abfec53b24c469203d5c6cc7e
SHA512

6510cf4476025998b4061fc27cb3a7ededd9fbdeb53d043fe45480784f13bf72e050fa1e5de0ca1f620ffd7a6a5df8be669a6012297ec3b00fe23e6dff7131cb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2260	2756	cmd.exe	29
PID 2756 wrote to memory of 2260	2756	cmd.exe	29
PID 2756 wrote to memory of 2260	2756	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\NetWare\debug\debug.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\NetWare\NetWareLoader.exe
  "../NetWareLoader.exe"
  2⤵
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads