06e82d57983085740a5eea1abb7571df501fc22d8e97aaa3d54e1d4741c0888c | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 15:22

Sharing

Report Analysis Logs

General

Target

launcher.bat
Size

77B
MD5

39b617fde634a280a5b792e641a90dad
SHA1

89a9c7df3a0be92fc457b8a84b4e0a8a5eaaca65
SHA256

8c80a346c9a01feb8e28611585a9264abc1faf288996bb83aaf92f3866802078
SHA512

ed52760d0ef9d1f7491900a0100e528ff2c0e3ef795e5c8e9e1aa71f73c8fbef5c904586a36b638e6fd6953f8bff25588219f2111a4b19e07e212a536f44ef9a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3020	rundll32.exe
3020	rundll32.exe
3020	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3020	2656	cmd.exe	29
PID 2656 wrote to memory of 3020	2656	cmd.exe	29
PID 2656 wrote to memory of 3020	2656	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\system32\rundll32.exe
  rundll32.exe dll_one_two.bin,CfGetPlatformInfo
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3020-0-0x0000000000200000-0x0000000000230000-memory.dmp

Filesize
192KB

Download
memory/3020-7-0x00000000001D0000-0x0000000000200000-memory.dmp

Filesize
192KB

Download
memory/3020-6-0x00000000001A0000-0x00000000001CD000-memory.dmp

Filesize
180KB

Download