6694bd2b712d89d3cf5a73d32a323a421a16dc8358cd2077511da3b72ba87949 | Triage

Analysis

max time kernel
392s
max time network
444s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23-05-2023 03:12

Sharing

Report Analysis Logs

General

Target

RunDLL-1.bat
Size

119B
MD5

8212639c038e2f33834dde5ccbc3032c
SHA1

0b72c7e4ad9275c3fd86f7b20df0cbdc11cf28e2
SHA256

ca89200e10ca97229daaef1978d1f1aeb08db1214b90e39bd27e2014fe6a8865
SHA512

edae346d4574ac3885c36fe232a94d6fb63fd3b314eec85dbc311918b64e923a4a87225f7b8e90cad279240c57e33c0906eb63d3a990766b4c672e746503b587

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2612	5040	cmd.exe	67
PID 5040 wrote to memory of 2612	5040	cmd.exe	67

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\RunDLL-1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\ProgramData\Tricliniarch.temsebreadOryctologic,vips
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads