cc8ccd77250ff580a83adfcf189f79f5fbff4bf337b7a85c42062c6a15a26204 | Triage

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
05-07-2022 22:07

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

191B
MD5

6bc8e4b5ba872d45efaca23a67d7b371
SHA1

97c5b35b39f32b356dc9337efbd3b1a7eda8de84
SHA256

6903d7c37e936ab55eac34849d59b338da9ff39eb57f2b5de533638a247a560e
SHA512

ffd6afbd2e3450c15ee46500d2e16574a50b8719903590bd6efb5c9c33184eceeba2a8abc0c76ba762e161fa4ee8b48a8842178ac9a39ceeda406aafbaf702f9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 316 wrote to memory of 1108	316	cmd.exe	rundll32.exe
PID 316 wrote to memory of 1108	316	cmd.exe	rundll32.exe
PID 316 wrote to memory of 1108	316	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\borrow-64.tmp,DllMain --ma="license.dat"
2⤵
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-54-0x0000000000000000-mapping.dmp

Download