ccbcde2e129c52025b7682182a8587311f50e0bfbad19c4bf7e434769414620b | Triage

Analysis

max time kernel
228s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 16:57

Sharing

Report Analysis Logs

General

Target

twogee.bat
Size

1KB
MD5

8ff5fec6eb6663ced3441b2106aed8d2
SHA1

9a495e1971810d70f3fd6e6d928ca1559a8b685e
SHA256

7a989ad4f2f3a0861f48903b005c8dea0c7f5f8e6850c2223ada308da807a585
SHA512

c094337dcc66b66d31de3693bdadc47de9b36859d26117c305b5216c0cb2852e610b00ca67258ae8489f47807c2189a379f0eaab9c9e6c52bd7c286a42a90a63

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 5016	2320	cmd.exe	80
PID 2320 wrote to memory of 5016	2320	cmd.exe	80

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\twogee.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\system32\xcopy.exe
  xcopy /s /i /e /h boardsailing.dll C:\Users\Admin\AppData\Local\Temp\*
  2⤵
  PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads