98e311767e264b8e60998f557683399ad6a3bacffc3960f87fee74ad0e199071 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-06-2022 16:57

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

192B
MD5

2ba4cdb275178d03055e23e5a9065a1c
SHA1

737372b47f45e4d5862e6ff2875a94b2c8b7ae12
SHA256

0218a30d52297f6d8a36a833b8a67b51e290ea7cebd6c403cf8cd7fb9dec5250
SHA512

c4c083c98fb790e03679d41b42e021a4a595203fccbda52142d3564640b76b46fc4130034c0a8e7e0d9f6c8ee49bcdad96e786a9f26028fe242ec43aeb4f15fc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1092 wrote to memory of 1648	1092	cmd.exe	rundll32.exe
PID 1092 wrote to memory of 1648	1092	cmd.exe	rundll32.exe
PID 1092 wrote to memory of 1648	1092	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\exhibitx32.tmp,DllMain --ma="license.dat"
2⤵
PID:1648

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-54-0x0000000000000000-mapping.dmp

Download