fbd403eb77a8afdd3c5036235e8afc3256b1da2c5cdc216f319e4fa71f898852 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08-12-2022 19:34

Sharing

Report Analysis Logs

General

Target

conf.bat
Size

3KB
MD5

e3fa7caf070132a2fe880ca6dcfede6a
SHA1

51a5b1e0f82449005c5c4864a6e777a3df39686f
SHA256

0cedb3a30881245f9283181855e0d60e8299bbd0a676b7cc493012b9cda00427
SHA512

c40d2593d5484a08a2885f3cb28e15703707f434ee0f6fe7552329bbb8de7c8a9d7dbd4e0c966b583bfafa2eabe0a9ae3927e353b003f6488a2830885e3b0376

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2044	2016	cmd.exe	27
PID 2016 wrote to memory of 2044	2016	cmd.exe	27
PID 2016 wrote to memory of 2044	2016	cmd.exe	27
PID 2016 wrote to memory of 828	2016	cmd.exe	28
PID 2016 wrote to memory of 828	2016	cmd.exe	28
PID 2016 wrote to memory of 828	2016	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\conf.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K copy /y /b C:\Windows\System32\rundll32.exe C:\ProgramData\DAGLhBmCYpVOD.exe
  2⤵
  PID:2044
- C:\Windows\system32\xcopy.exe
  xcopy /h /y tutorials.dll C:\ProgramData
  2⤵
  PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-56-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

Filesize
8KB

Download