Overview

overview

10

Static

static

cmd.bat

windows7-x64

1

cmd.bat

windows10-2004-x64

1

winter-.dll

windows7-x64

10

winter-.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2022 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cmd.bat

  • Size

    184B

  • MD5

    a8d097c4b5b56a3b864107da9275de81

  • SHA1

    631dad0d2d6cc7dd2add1dfc57a6717bc1dcd9c4

  • SHA256

    c9598b2fde394149f3a1ee115a9576edf8ad789200271c130991b4d6fd948d4c

  • SHA512

    e1b64017107ce35554847f02461acea5ab8f0ded5ff7e7360c483ff3748331e1af70bdce453772ad795849a08f1bf8789b23f58988a70a4191226548c7cf5843

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\winter-.dat,#1 --be="license.dat"
      2⤵
        PID:536

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/536-54-0x0000000000000000-mapping.dmp
      Download