953592b85e8972a6496f4f6674b260829cda59c6876ca4a15d03d8440ecc62f6 | Triage

Resubmissions

09-07-2024 02:17

240709-cqtpza1err 8

Analysis

max time kernel
92s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-es
resource tags

arch:x64arch:x86image:win10v2004-20240704-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
09-07-2024 02:17

Sharing

Report Analysis Logs

General

Target

Trap-Stealer/trap detection/final.bat
Size

1KB
MD5

14ae9511632e6d1074d00a3a586dbb6b
SHA1

02190716b6cd5340f26df8c219354d44940da4f7
SHA256

2e354bb57bd630705cb071e8fedfaae5576946f298372c4816a5a062bb7ce6f7
SHA512

f1ddaede05f1054cf3c851b5090a93bd41925edc3e2fadc1e74c20dc7a9dc9ae4d43cc60e2b122a9a910e65d9e4996580b0c2e1c066652c38410f8fbd39e56bf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 3112 wrote to memory of 2976 3112 cmd.exe iexpress.exe
PID 3112 wrote to memory of 2976 3112 cmd.exe iexpress.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Trap-Stealer\trap detection\final.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Windows\system32\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\2exe.sed
2⤵
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2exe.sed
Filesize
1KB

MD5
fdb29417e979601ff9e1a2356ff8d83d

SHA1
8e6829eaef017c4c30bae2a6be6470ab908e3eef

SHA256
3e5f04f8ba9300e3cf7267b5004cf69a58984a02356549dba6b6f4f9ac02d467

SHA512
0213c9c590c3a1c824df95d0217c1a3a6b7fad60972dd53283ea38509fe0e63f13ba925f54b0c70e6d88d8e8324dbb292c981e06cf11ba63e64168e996962981

Download Submit