70852b2655d502e7246022d44a17e108fa239653d092fad6453723ad9d0ff516 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 15:42

Sharing

Report Analysis Logs

General

Target

run.bat
Size

36B
MD5

71dbafb4d8b4ab6856c91c4df2a7eed6
SHA1

e53648a3af8622c24154e5d80bd034b0176c6fe7
SHA256

b2f0c7ad2537c7471b0a9796b895f2b0bc0747ce7322eba096a64db1a3bc245f
SHA512

f83fd5a8bae917905efd0e9f034cdd25c7fc9d7d6149b4e11aed6fa66aeab55ee5fb135295df6e863957c9fe86228aca9e0b9870050fb0c8af563bb3a547a9fa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1156	1712	cmd.exe	28
PID 1712 wrote to memory of 1156	1712	cmd.exe	28
PID 1712 wrote to memory of 1156	1712	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,vcab
  2⤵
  PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads