1d6a67bfae44e5e9b8b6351737fb90472c7b62b38952e21b141fd7de2e4e2781 | Triage

Analysis

max time kernel
36s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
04-06-2022 13:49

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

188B
MD5

d67f758395e66ed03d9065d8c23f2894
SHA1

1d635b99201ef4551132d29495e0c259404bd5eb
SHA256

afc903fcce880470df94d38d1f877c114c16ba78d2a25a0b9094c99e425f3586
SHA512

d48a6f81dc69bf0b9024e775c8620c504f1563e57978213635e3ebd546c450a3e8c621ba58d1dc1d1c2f71b4563ff8c7abd0915255874a59bfb4917c2cb2ff5f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1884 wrote to memory of 1672	1884	cmd.exe	rundll32.exe
PID 1884 wrote to memory of 1672	1884	cmd.exe	rundll32.exe
PID 1884 wrote to memory of 1672	1884	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\labor-.tmp,DllMain --ma="license.dat"
2⤵
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-54-0x0000000000000000-mapping.dmp

Download