6a64ca8935aaab67375cb393863a9d202333929c6272b1f92c8f252af124e2bb

Analysis

max time kernel
171s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:22

Target

test.cmd
Size

548B
MD5

1abac32e9d0f984cbc00e3484e5037ad
SHA1

fddca032680900e02b8f1542bc0eade1872eba70
SHA256

6a64ca8935aaab67375cb393863a9d202333929c6272b1f92c8f252af124e2bb
SHA512

ec243e5414e35ae8e1c13e99f116922293bb0f32117fa760f61f39bdfa4cb14cf24ec0ba2f52253c7e2527a04d9b2d91258d7308100994226b8da6adb2385f19

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 544	968	cmd.exe	85
PID 968 wrote to memory of 544	968	cmd.exe	85
PID 968 wrote to memory of 1276	968	cmd.exe	86
PID 968 wrote to memory of 1276	968	cmd.exe	86

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\test.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\system32\cmd.exe
  cmd /V:ON/C"set wSs=r:~9,1~8,1&&set 12T=ALLUS&&set gHkz=i&&set AISX=FOR /Fc.psd1')DO s&&set eSB=ile&&set 1cAt=Program&&set dft=ERSPROFILE:~12,1Common&&set C93=P&&set TE=F&&set mxq=gramW6&&set xv=N ('&&set IwEe=~23,1&&set qBb=s(x86):&&call set aSN=2T%xv%FA%gf%KEIl%IwEe%gHkz%wSs%kKSp%1cAt%TE%eSB%qBb%WiE%C93aSN:""=!4Z2X:~-1,65!"
  2⤵
  PID:544
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1276