8d82b711e0bea0c323e3de973aa47fe3e0f9a4545697256af077355547f925c2 | Triage

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-06-2022 16:19

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

193B
MD5

faf8dc2a8eb9c9bf1cef6c7c913d85d4
SHA1

c73af425a16eedf676f41f84fb0641352321308f
SHA256

d6e9afaa5139e91b9e9c3775ea4925c28adb41a9b88a51d7d748bb5c39275a04
SHA512

fceaa9be6a330621d38c5e99dcd8d4a716e82da5d62175a09fccc878b716eaff34be6b07aaad36c84e637394d062b7e1e6a64f3445b742242b68196d4abeb3be

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1056 wrote to memory of 1984	1056	cmd.exe	rundll32.exe
PID 1056 wrote to memory of 1984	1056	cmd.exe	rundll32.exe
PID 1056 wrote to memory of 1984	1056	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1056

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\festival-64.tmp,DllMain --ma="license.dat"
2⤵
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000000000-mapping.dmp

Download