50bb5620a6fc53335c175ae74a6e5b5f63b2b3f64d459a17fe190e4e00ead36a | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 15:47

Sharing

Report Analysis Logs

General

Target

launcher.bat
Size

70B
MD5

70c96b6b962525522af80754c7bcd149
SHA1

53f0dfda950efc0accdf179c43df49ffc1709787
SHA256

98bb57008710d6606f39855433c3f080921cddcd23efa6862208fd8749258976
SHA512

830468a2ed9d2334a73381b833e6bbe2de79482efc20cb8e2af36522df57295e88efabe66e3b8b5310338eca44429817570220d7d5cf32285a05fb9d1a5a7dfb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3028	rundll32.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 3012	2924	cmd.exe	29
PID 2924 wrote to memory of 3012	2924	cmd.exe	29
PID 2924 wrote to memory of 3012	2924	cmd.exe	29
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30
PID 3012 wrote to memory of 3028	3012	rundll32.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\system32\rundll32.exe
  rundll32.exe 3290.png.dll,GetModuleProp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe 3290.png.dll,GetModuleProp
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000200000-0x0000000000236000-memory.dmp

Filesize
216KB

Download
memory/3028-1-0x0000000000200000-0x0000000000236000-memory.dmp

Filesize
216KB

Download