45449bf222593b8ba442e660e3a1b2ffaa58a92ae0c56627cfe9c4bcf7b93cdc | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-06-2022 15:36

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

189B
MD5

6f15cd0263b458116b6698e266ab989c
SHA1

83b44519c7a36583e69f2b65dc44738b3ee63145
SHA256

9b584a85e3fa666d0e2d6e699f2c1380a788cae2183e417ddd7b58a3939b9112
SHA512

892c34b984ac66748e54da0f0b9728c2a02c7bb6932e6fb385daed8f0b855198d3be91d6ade589827e43b2604b186fe7c39b5ffae6589d6cb2037595c3a56866

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1068 wrote to memory of 1724	1068	cmd.exe	rundll32.exe
PID 1068 wrote to memory of 1724	1068	cmd.exe	rundll32.exe
PID 1068 wrote to memory of 1724	1068	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1068

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\mesh-64.dat,DllMain --ma="license.dat"
2⤵
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x0000000000000000-mapping.dmp

Download