5526e747493f8e529bc5e7eb900394397a7410c2951e98e9a9b1326fb464b955 | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/10/2022, 17:04

Sharing

Report Analysis Logs

General

Target

disallowable/bankbook.cmd
Size

346B
MD5

0454a3e52c0337c01818c6be7a6173ee
SHA1

29a1f1b80f1267b425d114b656a4d4e5c980752d
SHA256

266179bdf1565db9e968169e16a82db5dfc08c7c1852e8d8892e7202a410345d
SHA512

aaf4ec39627ab2e97b1dd63c864a63ee18c0a56367305bdf748c950a27e7680da59f25af139aaa8e98d8bb73d386173124b23281cc4ac424bbfba40c49c1e457

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 600	112	cmd.exe	28
PID 112 wrote to memory of 600	112	cmd.exe	28
PID 112 wrote to memory of 600	112	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\disallowable\bankbook.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\system32\replace.exe
  replace C:\Windows\system32\regsv C:\Users\Admin\AppData\Local\Temp /A
  2⤵
  PID:600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads