33c21bf2e0c7f058fc2d76c9fa41e7fa203b1793b45ea61fec551186998f709a | Triage

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28/12/2022, 14:33

Sharing

Report Analysis Logs

General

Target

ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/spotlightimageextractor.cmd
Size

1011B
MD5

6cb60c9430cb6d8e10b310926c58bcbf
SHA1

892675ac0aeba3bb4f6c47ed5c02530500dbe221
SHA256

0eec5b166b18faefcd394d13a6ebce3cd12e48f70f6433c8e3d981432dcb7774
SHA512

af040775812d9daccb99aeca0eccd3b9cae093d508a476518b39186a7992086e0609fe4afefb849cca530f5453d6fd74949fa4264eeec44f3e41ede231bd1916

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

pid	Process
868	timeout.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 868	2004	cmd.exe	29
PID 2004 wrote to memory of 868	2004	cmd.exe	29
PID 2004 wrote to memory of 868	2004	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\ChrisTitusTech_debloatWin10_elQueAnda\cttscript\Individual Scripts\spotlightimageextractor.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\system32\timeout.exe
  timeout 3
  2⤵
  - Delays execution with timeout.exe
  PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads