b48c6ee90905955194c2864cd4ff8618c7df2a301df6740ce9f9065f5cb04fa9 | Triage

Analysis

max time kernel
135s
max time network
137s
platform
windows10_x64
resource
win10
submitted
11-07-2020 06:09

Sharing

Report Analysis Logs

General

Target

Purchase Order.bat.exe
Size

636KB
MD5

ace1743de37105aeb5e6cf139a027e5a
SHA1

556199c8f60b485e6310a93747f7e16c01fca892
SHA256

b48c6ee90905955194c2864cd4ff8618c7df2a301df6740ce9f9065f5cb04fa9
SHA512

a73572da43f5c293a22f4a7baad52da8df169fa72567736816d28eb289ea91847419cb5278c6eb9d184d14380e867a30580a487922daacf32a1462242271a708

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Purchase Order.bat.exe

pid process

3676 Purchase Order.bat.exe
3676 Purchase Order.bat.exe
3676 Purchase Order.bat.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Purchase Order.bat.exe

description	pid	process	target process
PID 3676 wrote to memory of 3440	3676	Purchase Order.bat.exe	cmd.exe
PID 3676 wrote to memory of 3440	3676	Purchase Order.bat.exe	cmd.exe
PID 3676 wrote to memory of 3440	3676	Purchase Order.bat.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Purchase Order.bat.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order.bat.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3676

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:3440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3440-2-0x0000000000000000-mapping.dmp

Download