21862f74b9a3c8ab1b83aa71b5334b056015599ff4c864c1c37ca00df8732e42 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
20-11-2023 13:29

Sharing

Report Analysis Logs

General

Target

launcher.bat
Size

85B
MD5

11b18328dbf6f85ca1114d86cbb2cc38
SHA1

49db5b4ea10b9de6582af949d3c9dcf4f1b400fc
SHA256

89e8bc784d49ff6dbbf1670222458fa4cf2e4bb736f18bf2d17ccc06a1c4ba21
SHA512

2696f155124c09db32ce58a3393bdf6144a03c3aecd4eadfbaa9f3525a1134bd513ea2e7457dd3dfb2828007578b97a54ed2f91313d57bf1dc6a2d45d6ea3cad

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1420	1964	cmd.exe	29
PID 1964 wrote to memory of 1420	1964	cmd.exe	29
PID 1964 wrote to memory of 1420	1964	cmd.exe	29
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30
PID 1420 wrote to memory of 2368	1420	rundll32.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\system32\rundll32.exe
  rundll32.exe 17112023_2229_Anesthesiology__.dll, Throw
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe 17112023_2229_Anesthesiology__.dll, Throw
    3⤵
    PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-0-0x0000000000130000-0x0000000000133000-memory.dmp

Filesize
12KB

Download
memory/2368-1-0x0000000010000000-0x00000000100CB000-memory.dmp

Filesize
812KB

Download