fd2e50ee4a87fffc019c1cea7f745e477d4e252fd775bc31d9461f48dd3587c5 | Triage

Analysis

max time kernel
90s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
29-06-2022 15:08

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

193B
MD5

13cc1e1c3009c02e7f29d7063b370b32
SHA1

10990555b47ae6e24471a56bc05f5df199098fb7
SHA256

e82c0dab257f175793f1649aa6b0accc434c7d30b5870458381da78622914cbd
SHA512

5722ccf7572a32d039391e002df1de0a50c732a7b717be7b67953b41d70d10b73eae0194c2d7e2957aaaeaa20810201404a5895655870cc10918abb7a1316a52

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 4560 wrote to memory of 4128 4560 cmd.exe rundll32.exe
PID 4560 wrote to memory of 4128 4560 cmd.exe rundll32.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4560

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\mention-x64.tmp,DllMain --ma="license.dat"
2⤵
PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4128-130-0x0000000000000000-mapping.dmp

Download