47959778e5198ed2c06e6fcd35ed633e69ee3adf098aade13a6118f0d9db69f3 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-06-2022 17:26

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

191B
MD5

dd156bbe1aebb324ea62611e7261bb25
SHA1

767d652a462a1d7cd710c49b3ffc2ecbb224beca
SHA256

e186ec154043943a8f05303633a2938ced627f4661b08ab345cc12a4b657ee53
SHA512

27d47ecc508735beea48070b5b229c97e0346fe99160d817ac5e8b10e34d83f69cd489eeb156489e4a6c06ce38abee7e80a52bf3b1271d229d48eaa0da0d54a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1836 wrote to memory of 1988	1836	cmd.exe	rundll32.exe
PID 1836 wrote to memory of 1988	1836	cmd.exe	rundll32.exe
PID 1836 wrote to memory of 1988	1836	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\erupt-x32.dat,DllMain --ma="license.dat"
2⤵
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-54-0x0000000000000000-mapping.dmp

Download