50bb5620a6fc53335c175ae74a6e5b5f63b2b3f64d459a17fe190e4e00ead36a | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 15:47

Sharing

Report Analysis Logs

General

Target

launcher.bat
Size

70B
MD5

70c96b6b962525522af80754c7bcd149
SHA1

53f0dfda950efc0accdf179c43df49ffc1709787
SHA256

98bb57008710d6606f39855433c3f080921cddcd23efa6862208fd8749258976
SHA512

830468a2ed9d2334a73381b833e6bbe2de79482efc20cb8e2af36522df57295e88efabe66e3b8b5310338eca44429817570220d7d5cf32285a05fb9d1a5a7dfb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

3028 rundll32.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

cmd.exerundll32.exe

description	pid	process	target process
PID 2924 wrote to memory of 3012	2924	cmd.exe	rundll32.exe
PID 2924 wrote to memory of 3012	2924	cmd.exe	rundll32.exe
PID 2924 wrote to memory of 3012	2924	cmd.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3028	3012	rundll32.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924

C:\Windows\system32\rundll32.exe
rundll32.exe 3290.png.dll,GetModuleProp
2⤵
- Suspicious use of WriteProcessMemory
PID:3012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe 3290.png.dll,GetModuleProp
3⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000200000-0x0000000000236000-memory.dmp

Filesize
216KB

Download
memory/3028-1-0x0000000000200000-0x0000000000236000-memory.dmp

Filesize
216KB

Download