c3b91b018296ca1c8a25133e0dd736b66897afabf4e14563e0b3edd6df9247d9 | Triage

Analysis

max time kernel
109s
max time network
10s
platform
windows7_x64
resource
win7v200722
submitted
24-09-2020 14:22

Sharing

Report Analysis Logs

General

Target

run.bat
Size

75B
MD5

39cbbc9df4cd77e7645fcce24d3cfaf5
SHA1

a4958cdc6d0d945e776413e8207a8f3e3031d0b3
SHA256

8d4e094bce9d659b9783ed6eab5194631d62b5cf686d7451dfdab599e20cb04e
SHA512

4f422ad30eb46afe1e02c9d2ea207dc278093c07da0f5f1f20a42471dd7257391d9d483fe6a8773338d84e3e90d77bbf82031d57b977e7c1321f69cf176e7685

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

javaw.exe

pid process

1792 javaw.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1620 wrote to memory of 1792	1620	cmd.exe	javaw.exe
PID 1620 wrote to memory of 1792	1620	cmd.exe	javaw.exe
PID 1620 wrote to memory of 1792	1620	cmd.exe	javaw.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\system32\javaw.exe
  javaw.exe -jar "C:\Users\Admin\AppData\Local\Temp\ups-label.jar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-0-0x0000000000000000-mapping.dmp

Download