9dadaba0f07cac5be454ee9786e6cc941139ad8f71c8c41a61b6bcf817cb55e9

Analysis

max time kernel
59s
max time network
51s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/11/2022, 23:11

Target

9png/draw9patch.bat
Size

1KB
MD5

0e12481de3bd3f22284dbfcc0c2ba3d3
SHA1

814bea86174d5bf1c9d8ce2928f494957fc5e9b4
SHA256

aaaf0dc8e1a5dc4c4d93a0ee0622228e236ed829e4505d6789fd78adac1d7c6f
SHA512

2a0d2024dbaab2aeec9b711f6ab6bf0bd5c4800c1c2aa3be2795a5a3aeeca923f8400041740fffa6f15dcc8debdc463a162e53b72b6e89de4771b3ec9dbb4110

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2012	java.exe
2012	java.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2012	1784	cmd.exe	28
PID 1784 wrote to memory of 2012	1784	cmd.exe	28
PID 1784 wrote to memory of 2012	1784	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\9png\draw9patch.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Windows\system32\java.exe
  java -Djava.ext.dirs=lib\ -jar lib\draw9patch.jar
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2012

memory/2012-55-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

Filesize
8KB

Download
memory/2012-65-0x0000000002160000-0x0000000005160000-memory.dmp

Filesize
48.0MB

Download
memory/2012-66-0x0000000002160000-0x0000000005160000-memory.dmp

Filesize
48.0MB

Download
memory/2012-73-0x0000000001E50000-0x0000000001E5A000-memory.dmp

Filesize
40KB

Download
memory/2012-74-0x0000000001E50000-0x0000000001E5A000-memory.dmp

Filesize
40KB

Download
memory/2012-75-0x0000000001E50000-0x0000000001E5A000-memory.dmp

Filesize
40KB

Download
memory/2012-76-0x0000000001E50000-0x0000000001E5A000-memory.dmp

Filesize
40KB

Download