a3aa724dbfe8d66266d2a4a8cd7982442a3416d792529cff9751bb4e69f9ca81 | Triage

Resubmissions

28-02-2022 09:51

220228-lvgewadhg2 10

24-02-2022 22:35

220224-2hx5vsdge4 1

Analysis

max time kernel
4294183s
max time network
125s
platform
windows7_x64
resource
win7-20220223-en
submitted
24-02-2022 22:35

Sharing

Report Analysis Logs

General

Target

core.bat
Size

184B
MD5

4da584cc0a5ded0c902627093ab8721b
SHA1

a6bb30b50718813a72cbd58ba148bc3c9a17c3f0
SHA256

bcc176e2ec1bddb1518bcacb07fef99fe1812e204e990424549f11862aaa757c
SHA512

d611696d95dd76f1c3f7ab90c370ccb734f1912ff340d28c5a050d0fb072c7914c3bd15ea30f8f2873fdb17f0b93da92eaa7eecc3b245e23c972c700777be804

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1124 wrote to memory of 1564	1124	cmd.exe	rundll32.exe
PID 1124 wrote to memory of 1564	1124	cmd.exe	rundll32.exe
PID 1124 wrote to memory of 1564	1124	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\core.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\planet64.tmp,DllMain /i="license.dat"
2⤵
PID:1564

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...