f5628f5e31a100bd7f64c47908035d5b9b35f7f375e2a13d25b2370b8500b9ca | Triage

Resubmissions

07-03-2022 21:46

220307-1my3aagbh2 10

28-02-2022 09:51

220228-lvldtsdhg4 10

24-02-2022 19:51

220224-yk4hwaehap 1

Analysis

max time kernel
4294180s
max time network
122s
platform
windows7_x64
resource
win7-20220223-en
submitted
24-02-2022 19:51

Sharing

Report Analysis Logs

General

Target

core.bat
Size

184B
MD5

59aa96fcaa1a3b7331758f7a7ae1f343
SHA1

198ffe332e90207fdb7b97da04770b001c0c5cbf
SHA256

5be1931accf2a90e273312b779a873e847ad965e6e11c04e9b83603d4e6e7491
SHA512

c67253d6d602e150e85e121b2d8d9dedfa72c3ea1950d6a50a8e52a201f06ff9e701acee04b49e682158fb9860c77fd7ad117e20d9c4c8b03938e53e7d6e99c7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1872	1516	cmd.exe	28
PID 1516 wrote to memory of 1872	1516	cmd.exe	28
PID 1516 wrote to memory of 1872	1516	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\core.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\strike64.tmp,DllMain /i="license.dat"
  2⤵
  PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads