fd2e50ee4a87fffc019c1cea7f745e477d4e252fd775bc31d9461f48dd3587c5 | Triage

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
29-06-2022 15:08

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

193B
MD5

13cc1e1c3009c02e7f29d7063b370b32
SHA1

10990555b47ae6e24471a56bc05f5df199098fb7
SHA256

e82c0dab257f175793f1649aa6b0accc434c7d30b5870458381da78622914cbd
SHA512

5722ccf7572a32d039391e002df1de0a50c732a7b717be7b67953b41d70d10b73eae0194c2d7e2957aaaeaa20810201404a5895655870cc10918abb7a1316a52

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1644 wrote to memory of 1736	1644	cmd.exe	rundll32.exe
PID 1644 wrote to memory of 1736	1644	cmd.exe	rundll32.exe
PID 1644 wrote to memory of 1736	1644	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\mention-x64.tmp,DllMain --ma="license.dat"
2⤵
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-54-0x0000000000000000-mapping.dmp

Download