998e98ab6b5c84f67152d4abe86a7791e12f9b75860c1845c19a57dba026a4bd | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 16:17

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

192B
MD5

107c44d263a8493262a29dfaab37a816
SHA1

ac8ec75279dc3cec80d0db2feb63411043008167
SHA256

fc524121e2ec4f1189519110aed7d7e2f24257e20d077b8cd99af9fd6eaa158a
SHA512

5a3a106bf1ef636ef91204fe40341f5e3dd725298c5ce6d614e150c4a26b58726df3f573c3cc1ee91a4de5431115274c4c18047c5b384001f932d6cf75e7f4d7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 644 wrote to memory of 1892	644	cmd.exe	rundll32.exe
PID 644 wrote to memory of 1892	644	cmd.exe	rundll32.exe
PID 644 wrote to memory of 1892	644	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\fortune_64.dat,DllMain --ma="license.dat"
  2⤵
  PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-54-0x0000000000000000-mapping.dmp

Download