2c60009d6c5e0233e44e5ce2628adbef69a25d3bfaec4369831fb04680281c69 | Triage

Analysis

max time kernel
88s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
06-07-2022 18:46

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

192B
MD5

5c4ac14c4bff0c175c0fa0bd2c970c28
SHA1

cd06e3d11b644cdc5a0e04c8869cd1f67eb6e580
SHA256

763abf8fad183dec3479d59a48638d1097ac6c35484d50a5e83fe24324ced91c
SHA512

484fe7f5bd236328e23257faf10951458eb1c8904bdd48e02b893a3d69ff1ab5080fd157473310ae2b63413fc44d9f42946750632fa63fd65337d524fe5106aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 3388 wrote to memory of 4220 3388 cmd.exe rundll32.exe
PID 3388 wrote to memory of 4220 3388 cmd.exe rundll32.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3388

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\hybrid-x64.dat,DllMain --ma="license.dat"
2⤵
PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4220-130-0x0000000000000000-mapping.dmp

Download