ede524981a07b4e38695615599b7b0839c2a8125bd372ab4ce4393e298551fc2

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-09-2022 20:17

Target

Discord-All-Tools-In-One-main/setup.bat
Size

138B
MD5

a119c97dadf6c55c78c699e62ba41824
SHA1

580d8334dbdd8785e75c9699905c3b48036e6e64
SHA256

136ef661f3ead5ecb9ce3586e8140dbe21562617fba07310102a8eed60d746ed
SHA512

7849a6d0fc90293bd1efc00dad3f50f69d5b2f3312cf6f81647e5f52bc16e4ec79ffcbe9729746f9af123902e166c583ddfaa0d1cfe873ac69330c1693e5587f

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1780	864	cmd.exe	29
PID 864 wrote to memory of 1780	864	cmd.exe	29
PID 864 wrote to memory of 1780	864	cmd.exe	29
PID 864 wrote to memory of 1000	864	cmd.exe	31
PID 864 wrote to memory of 1000	864	cmd.exe	31
PID 864 wrote to memory of 1000	864	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Discord-All-Tools-In-One-main\setup.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start_tool.bat
  2⤵
  PID:1780
- C:\Windows\system32\cmd.exe
  cmd /c
  2⤵
  PID:1000

C:\Users\Admin\AppData\Local\Temp\Discord-All-Tools-In-One-main\start_tool.bat

Filesize
17B

MD5
65e5c7f827460ebb2e3f180200afe86e

SHA1
776d739c2a0286844a4e8ea7cbac1e33e97afb4e

SHA256
4c4f3756a56db801fc2ec0e01b5bf5b3eb26bd16e933838a9e70a5474c8ed20a

SHA512
124758083ba5b72fd896a7f468eafc5d9c7ed185a16c4bf5d3735123b0f7c663be20fc4e00f1e785d08fc65f316e123fb4d74c6a1758217ccbc9f6d1c0e52895

Download Submit
memory/1000-55-0x0000000000000000-mapping.dmp

Download
memory/1780-54-0x0000000000000000-mapping.dmp

Download