5cc444824f0354dcddc2c4e53008194c7a6881b5f5f23e05395b6ce83f8c1e91 | Triage

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2022 06:49

Sharing

Report Analysis Logs

General

Target

start.bat
Size

79B
MD5

856e1e39413c15c5de5f1460c50af835
SHA1

3b59339cfcf491cd3546c24995d8a0a61792fd6d
SHA256

5cc444824f0354dcddc2c4e53008194c7a6881b5f5f23e05395b6ce83f8c1e91
SHA512

27e591c7c4bdfc0d4a6925b3c644069fa6d565147187509744f4a053b3b3b472ec294c71c637da0c2d66a6ccd911336df9d7bdc8e66c0edd0158c0c5a40a55b1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

cmd.exe

description pid process target process

PID 2096 wrote to memory of 4772 2096 cmd.exe java.exe
PID 2096 wrote to memory of 4772 2096 cmd.exe java.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096

C:\ProgramData\Oracle\Java\javapath\java.exe
java -Xmx512m -Dinit.value= -jar ctas_export_agent.jar
2⤵
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4772-132-0x0000000000000000-mapping.dmp

Download