2ada2c277892b76f242995180ebee3393c4aacd7934e45a0cb0d31908fe80daa | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
14-06-2022 17:05

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

189B
MD5

15e53617ac033bfb8e39e4b2e6a205d8
SHA1

74cd6a833a9e82f759da891a30f5fc68442ad13e
SHA256

8c5b1a0e4c360dc229095142e928c7a471486a7dee182aded26c9574d50fbef7
SHA512

bc58b9a17f06466532a1a2bc2853139d92099087f24196c87b71208201bfbd3ab568d2509472104011df3db62184d88ddaf4f1c01ffff38a302fd30b6cbfcbd3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1376 wrote to memory of 1764	1376	cmd.exe	rundll32.exe
PID 1376 wrote to memory of 1764	1376	cmd.exe	rundll32.exe
PID 1376 wrote to memory of 1764	1376	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\crack64.dat,DllMain --ma="license.dat"
2⤵
PID:1764

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-54-0x0000000000000000-mapping.dmp

Download