ccbcde2e129c52025b7682182a8587311f50e0bfbad19c4bf7e434769414620b | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 16:57

Sharing

Report Analysis Logs

General

Target

twogee.bat
Size

1KB
MD5

8ff5fec6eb6663ced3441b2106aed8d2
SHA1

9a495e1971810d70f3fd6e6d928ca1559a8b685e
SHA256

7a989ad4f2f3a0861f48903b005c8dea0c7f5f8e6850c2223ada308da807a585
SHA512

c094337dcc66b66d31de3693bdadc47de9b36859d26117c305b5216c0cb2852e610b00ca67258ae8489f47807c2189a379f0eaab9c9e6c52bd7c286a42a90a63

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1284	1908	cmd.exe	29
PID 1908 wrote to memory of 1284	1908	cmd.exe	29
PID 1908 wrote to memory of 1284	1908	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\twogee.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\system32\xcopy.exe
  xcopy /s /i /e /h boardsailing.dll C:\Users\Admin\AppData\Local\Temp\*
  2⤵
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads