2c60009d6c5e0233e44e5ce2628adbef69a25d3bfaec4369831fb04680281c69 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-07-2022 18:46

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

192B
MD5

5c4ac14c4bff0c175c0fa0bd2c970c28
SHA1

cd06e3d11b644cdc5a0e04c8869cd1f67eb6e580
SHA256

763abf8fad183dec3479d59a48638d1097ac6c35484d50a5e83fe24324ced91c
SHA512

484fe7f5bd236328e23257faf10951458eb1c8904bdd48e02b893a3d69ff1ab5080fd157473310ae2b63413fc44d9f42946750632fa63fd65337d524fe5106aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1788 wrote to memory of 944	1788	cmd.exe	rundll32.exe
PID 1788 wrote to memory of 944	1788	cmd.exe	rundll32.exe
PID 1788 wrote to memory of 944	1788	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1788

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\hybrid-x64.dat,DllMain --ma="license.dat"
2⤵
PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-54-0x0000000000000000-mapping.dmp

Download