0b9921dfa3983a6d7431b0b5549e24301eca202f4299512fbf93a89f8d6c756d | Triage

Analysis

max time kernel
36s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-08-2022 16:47

Sharing

Report Analysis Logs

General

Target

cmd.bat
Size

186B
MD5

449ca6f684e787e425d1078dbe5b3753
SHA1

5e20a80fecdd8393e163d09f71b857de0e5cff5e
SHA256

b3707c03eadf5cc88bd4c855ba3e85cb38617de8c3fe794ad56ce5557f385d68
SHA512

e97a20c9d73b774d1dcf9a7691a5d696e200c0b0587c3c80c1ea87c46e3f9282638c6f9acaeb716a75ee0a36e9a8a960291acf0a8aad52a50aa2f6624aa91ceb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1272 wrote to memory of 728	1272	cmd.exe	rundll32.exe
PID 1272 wrote to memory of 728	1272	cmd.exe	rundll32.exe
PID 1272 wrote to memory of 728	1272	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\cmd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1272

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\manage-32.dat,#1 --be="license.dat"
2⤵
PID:728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/728-54-0x0000000000000000-mapping.dmp

Download