24a8238b04834a0988cc07fafa775e12288912131b1f70064a151d3b5413c713 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
02-08-2022 16:35

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

187B
MD5

4bc3a9e4bff070d13b96623e7a6c5115
SHA1

34bfea8b8fa73162b83f4faf7537ea1e0224980b
SHA256

1e7cb59716562b1b0f306e8711e78d6f94fd6314f676b389e94f38583d3dfc6d
SHA512

20c9778aba533d08b014f72172a79284dde6d8bea8c118284332d6ac7b151552bf9ee1bb396f6cb992637d47c6b4c9d51eb13a6aa1258d87b2a5bffa21cec275

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1212 wrote to memory of 1972	1212	cmd.exe	rundll32.exe
PID 1212 wrote to memory of 1972	1212	cmd.exe	rundll32.exe
PID 1212 wrote to memory of 1972	1212	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\oxygen-x64.dat,#1 --be="license.dat"
2⤵
PID:1972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-54-0x0000000000000000-mapping.dmp

Download