Analysis

  • max time kernel
    40s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-07-2022 22:07

General

  • Target

    cmd.bat

  • Size

    191B

  • MD5

    6bc8e4b5ba872d45efaca23a67d7b371

  • SHA1

    97c5b35b39f32b356dc9337efbd3b1a7eda8de84

  • SHA256

    6903d7c37e936ab55eac34849d59b338da9ff39eb57f2b5de533638a247a560e

  • SHA512

    ffd6afbd2e3450c15ee46500d2e16574a50b8719903590bd6efb5c9c33184eceeba2a8abc0c76ba762e161fa4ee8b48a8842178ac9a39ceeda406aafbaf702f9

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\borrow-64.tmp,DllMain --ma="license.dat"
      2⤵
        PID:1108

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1108-54-0x0000000000000000-mapping.dmp