4e3ddf9f7e1e165f80b9bbc707e05a5c4ecc6e62eb564a08f58d77b123729953 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
27-06-2022 04:30

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

188B
MD5

e327a2a86e93b203e7438b152593bfaa
SHA1

08a547e8537daee3aa01488a71552f7b1e950593
SHA256

a5e8e054e82e9e3aa3a7fc2b74c6682575e9effcaba6ea81e2f6536701bc178f
SHA512

07abaf37bbee838cb21f96c76e093fae43da302ab42415bef2888dbd05ac0932084ce94a070e30ede22becc274c7a76c4c904bb3a65d8427ba805b8c980769d5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1228 wrote to memory of 1092	1228	cmd.exe	rundll32.exe
PID 1228 wrote to memory of 1092	1228	cmd.exe	rundll32.exe
PID 1228 wrote to memory of 1092	1228	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\panda_.tmp,DllMain --ma="license.dat"
2⤵
PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-54-0x0000000000000000-mapping.dmp

Download