Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22-10-2024 06:44
Behavioral task
behavioral1
Sample
cmd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cmd.exe
Resource
win10v2004-20241007-en
General
-
Target
cmd.exe
-
Size
6.8MB
-
MD5
8195a06ffd3a0423e0698dd4d06a0cb9
-
SHA1
afc80695865beea92f665cf1d8b33ebae71f40ac
-
SHA256
b3ce55c72f4e23252235f9698bd6078880ceaca310ba16ee859a5a2d6cc39a92
-
SHA512
69ad1591ca03e9ef764a592a2b21919a60fea0e08e3a11ed3c38f8cf9d065b3d44dddc268186fc1a783339d019559937bb8de97c2ac9f99ee75107a372f3f4a1
-
SSDEEP
98304:YkkwN+MdA5wqMk98MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBnLnx:YkV15B6ylnlPzf+JiJCsmFMvcn6hVvl
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
cmd.exepid Process 2256 cmd.exe -
Processes:
resource yara_rule behavioral1/files/0x0005000000019438-21.dat upx behavioral1/memory/2256-23-0x000007FEF6130000-0x000007FEF671A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid Process procid_target PID 2060 wrote to memory of 2256 2060 cmd.exe 31 PID 2060 wrote to memory of 2256 2060 cmd.exe 31 PID 2060 wrote to memory of 2256 2060 cmd.exe 31
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD51e76961ca11f929e4213fca8272d0194
SHA1e52763b7ba970c3b14554065f8c2404112f53596
SHA2568a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0
SHA512ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b