47959778e5198ed2c06e6fcd35ed633e69ee3adf098aade13a6118f0d9db69f3 | Triage

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-06-2022 17:26

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

191B
MD5

dd156bbe1aebb324ea62611e7261bb25
SHA1

767d652a462a1d7cd710c49b3ffc2ecbb224beca
SHA256

e186ec154043943a8f05303633a2938ced627f4661b08ab345cc12a4b657ee53
SHA512

27d47ecc508735beea48070b5b229c97e0346fe99160d817ac5e8b10e34d83f69cd489eeb156489e4a6c06ce38abee7e80a52bf3b1271d229d48eaa0da0d54a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 3316 wrote to memory of 2064 3316 cmd.exe rundll32.exe
PID 3316 wrote to memory of 2064 3316 cmd.exe rundll32.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3316

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\erupt-x32.dat,DllMain --ma="license.dat"
2⤵
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2064-130-0x0000000000000000-mapping.dmp

Download