Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-07-2022 16:17

General

  • Target

    cmd.bat

  • Size

    192B

  • MD5

    107c44d263a8493262a29dfaab37a816

  • SHA1

    ac8ec75279dc3cec80d0db2feb63411043008167

  • SHA256

    fc524121e2ec4f1189519110aed7d7e2f24257e20d077b8cd99af9fd6eaa158a

  • SHA512

    5a3a106bf1ef636ef91204fe40341f5e3dd725298c5ce6d614e150c4a26b58726df3f573c3cc1ee91a4de5431115274c4c18047c5b384001f932d6cf75e7f4d7

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\fortune_64.dat,DllMain --ma="license.dat"
      2⤵
        PID:1892

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1892-54-0x0000000000000000-mapping.dmp