41c0cc28124721809be0242cbe90e5f85c5e96dcee248a138cab97f07476bf53 | Triage

Analysis

max time kernel
8s
max time network
19s
platform
windows7_x64
resource
win7v20210408
submitted
15-07-2021 16:02

Sharing

Report Analysis Logs

General

Target

launch.bat
Size

108B
MD5

fd4594751cb4a3b23e54ae582c4dd0e8
SHA1

13218cd2470e14221f6fce227a056ca489c98fa7
SHA256

5d7a9c239af404e403f16dd2f1383aee58721c5cfd66e4e1a40e41aec2da057e
SHA512

34af0afd31ad70d21f642c56d1d14491a82213c2f524c9c24037173109ce88267257a33ee0a03cc8ce430697823833c4567b5fa457c9e8ab29ca638dff85131e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

coordinator.exe

pid process

1808 coordinator.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 364 wrote to memory of 1808	364	cmd.exe	coordinator.exe
PID 364 wrote to memory of 1808	364	cmd.exe	coordinator.exe
PID 364 wrote to memory of 1808	364	cmd.exe	coordinator.exe
PID 364 wrote to memory of 1808	364	cmd.exe	coordinator.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:364

C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe
"C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe"
2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-60-0x0000000000000000-mapping.dmp

Download