8706238594e89688a27279cc2148a0da409da6108aea7f193a7355a318c063a2 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
20-11-2023 13:35

Sharing

Report Analysis Logs

General

Target

launcher.bat
Size

78B
MD5

b798e505cab8b4485e6564c2ebe7ca9a
SHA1

dcae7a12511993699e426df80c6a685f0b516d49
SHA256

6c09f67e986a895de62234143490469fcc8bc393c4cc5e8d58346ea5e6f77395
SHA512

9743066cbd1ce7d2795dfbe97ad268258fadd7846bbd9e3ccd25db613d11653fabfd7c1501becad4a5bae332629e8275cedbdd292584ac856770b57d581100bb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

cmd.exerundll32.exe

description	pid	process	target process
PID 2888 wrote to memory of 2160	2888	cmd.exe	rundll32.exe
PID 2888 wrote to memory of 2160	2888	cmd.exe	rundll32.exe
PID 2888 wrote to memory of 2160	2888	cmd.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe
PID 2160 wrote to memory of 2680	2160	rundll32.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\rundll32.exe
  rundll32.exe AlmiqueArtilleryman_pkb.dll, Throw
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe AlmiqueArtilleryman_pkb.dll, Throw
    3⤵
    PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2680-0-0x00000000001F0000-0x00000000001F3000-memory.dmp

Filesize
12KB

Download
memory/2680-1-0x0000000010000000-0x00000000100C7000-memory.dmp

Filesize
796KB

Download
memory/2680-6-0x000000006FC80000-0x000000006FDD5000-memory.dmp

Filesize
1.3MB

Download