72aa3e37886acff63285b0752e04c4427dddc35f571be1c5161d56a4d74d57b0 | Triage

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
26-07-2022 19:47

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

185B
MD5

7be476743fa5c3c1261fee8b23692308
SHA1

45f82cc673cf14b3c1f1f7b3b212c87ba5e23c5d
SHA256

0d014d94c74ed5030fd939da2aff4c7d8ddc5972c8b16a3069d771c84957dbda
SHA512

ded430c80948acbfc392bcf48eeaf315da5bd21a51bb129cf92486aaf1d5e469e3c02d3cbc1b9fc320a3d9dc50f3face49c3136df4a5f892e39cc7995be8f581

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1672 wrote to memory of 1988	1672	cmd.exe	rundll32.exe
PID 1672 wrote to memory of 1988	1672	cmd.exe	rundll32.exe
PID 1672 wrote to memory of 1988	1672	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\decline_.tmp,#1 --be="license.dat"
2⤵
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-54-0x0000000000000000-mapping.dmp

Download