ac8961a113621c2d483f80e21951026145b184311f3b34fb2f6880cdcf81871e | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-01-2023 18:58

Sharing

Report Analysis Logs

General

Target

WORKHAND/EXCRESCE.cmd
Size

492B
MD5

0650f88626b8f6ee0a6ba864a3537fdf
SHA1

2a0a2e836822136b53806fb2f3d254cc3d881a80
SHA256

6a24b2f7b1c26f515b77c975d1b605377955924cf9c014934210df260057a1a9
SHA512

efa478b0cf900e9344fae963182d848c44e5431f318705927f7aa5e013520233b38b1fdbfe9110d9175dea6358933e6cee77b80f2a30f66a7f4ba5fcc4eab2b9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1476 wrote to memory of 928	1476	cmd.exe	rundll32.exe
PID 1476 wrote to memory of 928	1476	cmd.exe	rundll32.exe
PID 1476 wrote to memory of 928	1476	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\WORKHAND\EXCRESCE.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476

C:\Windows\system32\rundll32.exe
rundll32 WORKHAND/DIURESIS.DAT,init
2⤵
PID:928

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/928-54-0x0000000000000000-mapping.dmp

Download